Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

333 advisories

Loading
Answer Missing Authorization vulnerability Low
CVE-2023-2590 was published for github.com/answerdev/answer (Go) May 9, 2023
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints Low
CVE-2023-30844 was published for github.com/mutagen-io/mutagen (Go) May 5, 2023
Under-validated ComSpec and cmd.exe resolution in Mutagen projects Low
GHSA-fwj4-72fm-c93g was published for github.com/mutagen-io/mutagen (Go) May 5, 2023
Hop-by-hop abuse to malform header mutator Low
GHSA-w9mr-28mw-j8hg was published for github.com/ory/oathkeeper (Go) Apr 26, 2023
viters Credited to viters
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc Low
CVE-2023-25809 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
AkihiroSuda Credited to AkihiroSuda
Answer vulnerable to Business Logic Errors Low
CVE-2023-1541 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Panic due to malformed WALs in go.etcd.io/etcd Low
CVE-2020-15106 was published for go.etcd.io/etcd (Go) Feb 7, 2023
Duplicate Advisory: GoBase Race Condition vulnerability Low
GHSA-4348-x292-h437 was published for github.com/ntbosscher/gobase (Go) Dec 28, 2022 withdrawn
Buildah (as part of Podman) vulnerable to Path Traversal Low
CVE-2022-4123 was published for github.com/containers/podman/v4 (Go) Dec 8, 2022
Traefik may display authorization header in the debug logs Low
CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
teler dashboard vulnerable to DOM-based cross-site scripting (XSS) Low
CVE-2022-23466 was published for teler.app (Go) Dec 6, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF Low
CVE-2022-41925 was published for tailscale.com/cmd (Go) Nov 21, 2022
emilytrau Credited to emilytrau and JJJollyjim JJJollyjim JJJollyjim
Container build can leak any path on the host into the container Low
GHSA-vp35-85q5-9f25 was published for github.com/docker/docker (Go) Nov 11, 2022
leonwxqian Credited to leonwxqian, corhere, and neersighted corhere corhere
neersighted neersighted
HashiCorp Nomad vulnerable to Insufficient Session Expiration Low
CVE-2022-3867 was published for github.com/hashicorp/nomad (Go) Nov 10, 2022
tdunlap607 Credited to tdunlap607
etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery Low
GHSA-9gp7-6833-wv89 was published for go.etcd.io/etcd/client/v3 (Go) Oct 6, 2022
etcd user credentials are stored in WAL logs in plaintext Low
GHSA-528j-9r78-wffx was published for go.etcd.io/etcd/client/v3 (Go) Oct 6, 2022
tdunlap607 Credited to tdunlap607
etcd vulnerable to TOCTOU of gateway endpoint authentication Low
GHSA-h8g9-6gvh-5mrc was published for go.etcd.io/etcd/v3 (Go) Oct 6, 2022
Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata Low
GHSA-3633-5h82-39pq was published for github.com/theupdateframework/go-tuf (Go) Sep 16, 2022
cedricvanrompay-datadog Credited to cedricvanrompay-datadog, 0xVijay, kommendorkapten, and rdimitrov 0xVijay 0xVijay
kommendorkapten kommendorkapten rdimitrov rdimitrov
Cilium host policy bypass in endpoint-routes mode with dual-stack Low
GHSA-wc5v-r48v-g4vh was published for github.com/cilium/cilium (Go) Jul 15, 2022
pchaigno Credited to pchaigno
Argo CD SSO users vulnerable to Cross-site Scripting Low
CVE-2022-31102 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
AdamKorcz Credited to AdamKorcz, DavidKorczynski, and tdunlap607 DavidKorczynski DavidKorczynski
tdunlap607 tdunlap607
Cross site scripting via cookies in gogs Low
GHSA-pj96-4jhv-v792 was published for gogs.io/gogs (Go) Jun 2, 2022
Kubernetes Secrets Store CSI Driver plugins arbitrary file write Low
CVE-2020-8567 was published for github.com/Azure/secrets-store-csi-driver-provider-azure (Go) May 24, 2022
Mattermost Server allows System Admin to modify LDAP account names and email addresses Low
CVE-2016-11077 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Caddy allows enumeration of Certificates and Hostnames Low
CVE-2018-19148 was published for github.com/caddyserver/caddy (Go) May 14, 2022
Kubernetes in OpenShift3 Access Control Misconfiguration Low
CVE-2015-7561 was published for k8s.io/kubernetes (Go) May 13, 2022
ProTip! Advisories are also available from the GraphQL API