Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

279 advisories

Loading
JUJU_CONTEXT_ID is a predictable authentication secret Moderate
CVE-2024-7558 was published for github.com/juju/juju (Go) Oct 3, 2024
hpidcock lucistanescu
Duplicate Advisory: Juju makes Use of Weak Credentials High
GHSA-phh4-3hmm-24rx was published for github.com/juju/juju (Go) Oct 2, 2024 withdrawn
The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD Moderate
CVE-2024-43803 was published for github.com/metal3-io/baremetal-operator (Go) Sep 3, 2024
runc can be confused to create empty files/directories on the host Low
CVE-2024-45310 was published for github.com/opencontainers/runc (Go) Sep 3, 2024
rata alban
cyphar sdowell
Kanister vulnerable to cluster-level privilege escalation High
CVE-2024-43403 was published for github.com/kanisterio/kanister (Go) Aug 20, 2024
younaman
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress... High Unreviewed
CVE-2024-7646 was published Aug 16, 2024
RBAC Roles for `etcd` created by Kamaji are not disjunct High
CVE-2024-42480 was published for github.com/clastix/kamaji (Go) Aug 12, 2024
SimonKienzler prometherion
Meshery SQL Injection vulnerability Moderate
CVE-2024-35181 was published for github.com/layer5io/meshery (Go) Aug 5, 2024
Meshery SQL Injection vulnerability Moderate
CVE-2024-35182 was published for github.com/layer5io/meshery (Go) Aug 5, 2024
Meshery SQL Injection vulnerability High
CVE-2024-29031 was published for github.com/layer5io/meshery (Go) Aug 5, 2024
Kubernetes sets incorrect permissions on Windows containers logs Moderate
CVE-2024-5321 was published for k8s.io/kubernetes (Go) Jul 18, 2024
GeoServer's Server Status shows sensitive environmental variables and Java properties Moderate
CVE-2024-34696 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
miceg jodygarnett
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can... High Unreviewed
CVE-2024-5037 was published Jun 5, 2024
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11... Moderate Unreviewed
CVE-2023-7045 was published May 23, 2024
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache Critical
CVE-2024-31989 was published for github.com/argoproj/argo-cd (Go) May 21, 2024
oreenlivnicode leoluz
crenshaw-dev mkilchhofer todaywasawesome pasha-codefresh
azure-file-csi-driver leaks service account tokens in the logs Moderate
CVE-2024-3744 was published for sigs.k8s.io/azurefile-csi-driver (Go) May 15, 2024
CRI-O vulnerable to an arbitrary systemd property injection High
CVE-2024-3154 was published for github.com/cri-o/cri-o (Go) Apr 30, 2024
AkihiroSuda cclerget
Calico privilege escalation vulnerability Moderate
CVE-2024-33522 was published for github.com/projectcalico/calico (Go) Apr 30, 2024
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources High
CVE-2021-25318 was published for github.com/rancher/rancher (Go) Apr 24, 2024
Rancher Privilege escalation vulnerability via malicious "Connection" header High
CVE-2021-31999 was published for github.com/rancher/rancher (Go) Apr 24, 2024
mattmoyer enj
Rancher's Steve API Component Improper authorization check allows privilege escalation High
CVE-2021-36776 was published for github.com/rancher/rancher (Go) Apr 24, 2024
Kubelet Incorrect Privilege Assignment Moderate
CVE-2019-11245 was published for k8s.io/kubernetes/cmd/kubelet (Go) Apr 24, 2024
Sensitive Information leak via Log File in Kubernetes Moderate
CVE-2020-8563 was published for github.com/kubernetes/kubernetes (Go) Apr 24, 2024
Sensitive Information leak via Log File in Kubernetes Moderate
CVE-2020-8566 was published for github.com/kubernetes/kubernetes (Go) Apr 24, 2024
Denial of service in Kubernetes Moderate
CVE-2020-8557 was published for k8s.io/kubernetes/pkg/kubelet (Go) Apr 24, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database