GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
124 advisories
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled (High): GHSA-qvp4-rpmr-xwrr was published for github.com/ory/oathkeeper (Go), Jun 23, 2021
Improper Authorization in github.com/containers/libpod (High): CVE-2021-20188 was published for github.com/containers/libpod (Go), May 18, 2021
Ignition config accessible to unprivileged software on VMware (Moderate): CVE-2022-1706 was published for github.com/coreos/ignition (Go), May 25, 2022
Istio Fragments in Path May Lead to Authorization Policy Bypass (High): CVE-2021-39156 was published for istio.io/istio (Go), Aug 30, 2021
Duplicate advisory: Configuration exposure in github.com/coreos/ignition (Moderate, withdrawn): GHSA-mjqc-5c9x-xfcc was published for github.com/coreos/ignition/v2 (Go), May 18, 2022
Istio may allow identity impersonation if user has localhost access (High): CVE-2022-39388 was published for github.com/istio/istio (Go), Nov 9, 2022
Exposure of repository credentials to external third-party sources in Rancher (High): CVE-2021-36778 was published for github.com/rancher/rancher (Go), May 2, 2022
AAD Pod Identity obtaining token with backslash (Moderate): CVE-2022-23551 was published for github.com/Azure/aad-pod-identity (Go), Dec 21, 2022
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic (Moderate): CVE-2021-38698 was published for github.com/hashicorp/consul (Go), Sep 8, 2021
Broken Authorization in ZITADEL Actions (High): CVE-2022-36051 was published for github.com/zitadel/zitadel (Go), Aug 30, 2022
Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace (High): CVE-2022-46167 was published for github.com/clastix/capsule (Go), Dec 5, 2022
Incorrect Authorization with specially crafted requests (High): CVE-2021-39206 was published for github.com/pomerium/pomerium (Go), Sep 10, 2021
Incorrect Authorization in ORY Oathkeeper (High): CVE-2021-32701 was published for github.com/ory/oathkeeper (Go), Jun 24, 2021
Incorrect Authorization in HashiCorp Consul (Moderate): CVE-2020-7955 was published for github.com/hashicorp/consul (Go), Jul 28, 2021
Incorrect Privilege Assignment in HashiCorp Vault (High): CVE-2021-42135 was published for github.com/hashicorp/vault (Go), Oct 12, 2021
JWT audience claim is not verified (Critical): CVE-2023-22482 was published for github.com/argoproj/argo-cd (Go), Jan 25, 2023
Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification (High): CVE-2022-2990 was published for github.com/containers/buildah (Go), Sep 14, 2022
gomatrixserverlib and Dendrite vulnerable to incorrect parsing of the event default power level in event auth (Moderate): CVE-2022-36009 was published for github.com/matrix-org/dendrite (Go), Aug 30, 2022
Improper Input Validation (Moderate): CVE-2021-3499 was published for github.com/ovn-org/ovn-kubernetes (Go), Jun 8, 2021
OIDC claims not updated from Identity Provider in Pomerium (Moderate): CVE-2021-41230 was published for github.com/pomerium/pomerium (Go), Nov 10, 2021
Users with any cluster secret update access may update out-of-bounds cluster secrets (Critical): CVE-2023-23947 was published for github.com/argoproj/argo-cd (Go), Feb 16, 2023
KubeOperator allows unauthorized access to system API (High): CVE-2023-22480 was published for github.com/KubeOperator/KubeOperator (Go), Jan 9, 2023
Privilege escalation in MOSN (Critical): CVE-2021-32163 was published for mosn.io/mosn (Go), Feb 17, 2023
Potential network policy bypass when routing IPv6 traffic (Moderate): CVE-2023-27594 was published for github.com/cilium/cilium (Go), Mar 17, 2023
On a compromised node, the virt-handler service account can be used to modify all node specs (High): CVE-2023-26484 was published for kubevirt.io/kubevirt (Go), Mar 16, 2023