Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,150
Maven
5,000+
npm
3,815
NuGet
690
pip
3,490
Pub
12
RubyGems
902
Rust
900
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,150 advisories

Loading
lxd has a restricted TLS certificate privilege escalation when in PKI mode Low
CVE-2024-6219 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing
Hugo does not escape some attributes in internal templates Moderate
CVE-2024-55601 was published for github.com/gohugoio/hugo (Go) Dec 9, 2024
jmooring
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability Moderate
CVE-2024-54132 was published for github.com/cli/cli (Go) Dec 4, 2024
andyfeller jtmcg
williammartin BagToad parablack
Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3) High
CVE-2024-54131 was published for github.com/kolide/launcher (Go) Dec 3, 2024
Vitess allows HTML injection in /debug/querylogz & /debug/env Moderate
CVE-2024-53257 was published for vitess.io/vitess (Go) Dec 3, 2024
quinox
Access to Archived Argo Workflows with Fake Token in `client` mode Moderate
CVE-2024-53862 was published for github.com/argoproj/argo-workflows/v3 (Go) Dec 2, 2024
ljyanesm agilgur5
BunkerWeb has Open Redirect Vulnerability in Loading Page Moderate
CVE-2024-53264 was published for github.com/bunkerity/bunkerweb (Go) Dec 2, 2024
adventure8812
quic-go affected by an ICMP Packet Too Large Injection Attack on Linux Moderate
CVE-2024-53259 was published for github.com/quic-go/quic-go (Go) Dec 2, 2024
sftpgo vulnerable to brute force takeover of OpenID Connect session cookies Moderate
CVE-2024-52801 was published for github.com/drakkan/sftpgo/v2 (Go) Dec 2, 2024
denisvr72
Traefik's X-Forwarded-Prefix Header still allows for Open Redirect Moderate
CVE-2024-52003 was published for github.com/traefik/traefik/v2 (Go) Dec 2, 2024
kunte0
Moby Race Condition vulnerability High
CVE-2024-36621 was published for github.com/moby/moby (Go) Nov 29, 2024
Moby Race Condition vulnerability High
CVE-2024-36623 was published for github.com/moby/moby (Go) Nov 29, 2024
NULL Pointer Dereference on moby image history Moderate
CVE-2024-36620 was published for github.com/moby/moby (Go) Nov 29, 2024
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts Moderate
CVE-2024-53858 was published for github.com/cli/cli/v2 (Go) Nov 27, 2024
BagToad andyfeller
williammartin jtmcg Ry0taK
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace Moderate
CVE-2024-53859 was published for github.com/cli/go-gh (Go) Nov 27, 2024
BagToad williammartin
andyfeller jtmcg Ry0taK
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access Moderate
CVE-2024-8676 was published for github.com/cri-o/cri-o (Go) Nov 26, 2024
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion Moderate
CVE-2024-43784 was published for github.com/treeverse/lakefs (Go) Nov 26, 2024
N-o-Z
Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges Moderate
CVE-2024-52529 was published for github.com/cilium/cilium (Go) Nov 25, 2024
Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws High
GHSA-7f6p-phw2-8253 was published for github.com/taurusgroup/multi-party-sig (Go) Nov 25, 2024
OpenShift Console Server Side Request Forgery vulnerability Moderate
CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024
Kubernetes kubelet arbitrary command execution High
CVE-2024-10220 was published for k8s.io/kubernetes (Go) Nov 22, 2024
Apache Answer: Predictable Authorization Token Using UUIDv1 Low
CVE-2024-45719 was published for github.com/apache/incubator-answer (Go) Nov 22, 2024
SFTPGo allows administrators to restrict command execution from the EventManager Moderate
CVE-2024-52309 was published for github.com/drakkan/sftpgo/v2 (Go) Nov 21, 2024
hyperreality
cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs Moderate
GHSA-r4pg-vg54-wxx4 was published for github.com/cert-manager/cert-manager (Go) Nov 20, 2024
Rancher Helm Applications may have sensitive values leaked Moderate
CVE-2024-52282 was published for github.com/rancher/rancher (Go) Nov 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database