GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,061 advisories

Moby Race Condition vulnerability High
CVE-2024-36621 was published for github.com/moby/moby (Go) Nov 29, 2024
Moby Race Condition vulnerability High
CVE-2024-36623 was published for github.com/moby/moby (Go) Nov 29, 2024
NULL Pointer Dereference on moby image history Moderate
CVE-2024-36620 was published for github.com/moby/moby (Go) Nov 29, 2024
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts Moderate
CVE-2024-53858 was published for github.com/cli/cli/v2 (Go) Nov 27, 2024
BagToad andyfeller
williammartin jtmcg Ry0taK
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace Moderate
CVE-2024-53859 was published for github.com/cli/go-gh (Go) Nov 27, 2024
BagToad williammartin
andyfeller jtmcg Ry0taK
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access Moderate
CVE-2024-8676 was published for github.com/cri-o/cri-o (Go) Nov 26, 2024
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion Moderate
CVE-2024-43784 was published for github.com/treeverse/lakefs (Go) Nov 26, 2024
N-o-Z
Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges Moderate
CVE-2024-52529 was published for github.com/cilium/cilium (Go) Nov 25, 2024
Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws High
GHSA-7f6p-phw2-8253 was published for github.com/taurusgroup/multi-party-sig (Go) Nov 25, 2024
OpenShift Console Server Side Request Forgery vulnerability Moderate
CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024
Kubernetes kubelet arbitrary command execution High
CVE-2024-10220 was published for k8s.io/kubernetes (Go) Nov 22, 2024
Apache Answer: Predictable Authorization Token Using UUIDv1 Low
CVE-2024-45719 was published for github.com/apache/incubator-answer (Go) Nov 22, 2024
SFTPGo allows administrators to restrict command execution from the EventManager Moderate
CVE-2024-52309 was published for github.com/drakkan/sftpgo/v2 (Go) Nov 21, 2024
hyperreality
cert-manager has a potential slowdown / DoS when parsing specially crafted PEM inputs Moderate
GHSA-r4pg-vg54-wxx4 was published for github.com/cert-manager/cert-manager (Go) Nov 20, 2024
Rancher Helm Applications may have sensitive values leaked Moderate
CVE-2024-52282 was published for github.com/rancher/rancher (Go) Nov 20, 2024
ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic High
GHSA-7225-m954-23v7 was published for cosmossdk.io/math (Go) Nov 20, 2024
github.com/rancher/steve's users can issue watch commands for arbitrary resources High
CVE-2024-52280 was published for github.com/rancher/steve (Go) Nov 20, 2024
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata Moderate
CVE-2024-52522 was published for github.com/rclone/rclone (Go) Nov 19, 2024
hakong ncw
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request High
CVE-2024-0793 was published for k8s.io/kubernetes (Go) Nov 17, 2024
Unpatched Remote Code Execution in Gogs High
CVE-2024-44625 was published for gogs.io/gogs (Go) Nov 15, 2024
Stored XSS using two files in usememos/memos Moderate
CVE-2023-0109 was published for github.com/usememos/memos (Go) Nov 15, 2024
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer High
CVE-2024-52308 was published for github.com/cli/cli (Go) Nov 14, 2024
sarahbarili cmbrose
BlueSzy andyfeller BagToad Ry0taK
Harbor fails to validate the user permissions when updating p2p preheat policies High
CVE-2022-31668 was published for github.com/goharbor/harbor (Go) Nov 14, 2024
Zoraxy has an authenticated command injection in the Web SSH feature High
CVE-2024-52010 was published for github.com/tobychui/zoraxy (Go) Nov 12, 2024
n-thumann
Git credentials are exposed in Atlantis logs High
CVE-2024-52009 was published for github.com/runatlantis/atlantis (Go) Nov 8, 2024
niooss-ledger