Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,018 advisories

Loading
NULL Pointer Dereference on moby image history Moderate
CVE-2024-36620 was published for github.com/moby/moby (Go) Nov 29, 2024
Portainer improperly uses an encryption algorithm in the AesEncrypt function High
CVE-2024-33662 was published for github.com/portainer/portainer (Go) Oct 2, 2024
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability Moderate
CVE-2024-54132 was published for github.com/cli/cli (Go) Dec 4, 2024
andyfeller jtmcg
williammartin BagToad
Moby Race Condition vulnerability High
CVE-2024-36623 was published for github.com/moby/moby (Go) Nov 29, 2024
Moby Race Condition vulnerability High
CVE-2024-36621 was published for github.com/moby/moby (Go) Nov 29, 2024
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access Moderate
CVE-2024-8676 was published for github.com/cri-o/cri-o (Go) Nov 26, 2024
quic-go affected by an ICMP Packet Too Large Injection Attack on Linux Moderate
CVE-2024-53259 was published for github.com/quic-go/quic-go (Go) Dec 2, 2024
Rancher Login Parameter Can Be Edited Moderate
CVE-2019-11881 was published for github.com/rancher/rancher (Go) May 24, 2022
Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges Moderate
CVE-2024-52529 was published for github.com/cilium/cilium (Go) Nov 25, 2024
gqlparser denial of service vulnerability via the parserDirectives function Moderate
CVE-2023-49559 was published for github.com/vektah/gqlparser (Go) Jun 12, 2024
Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3) High
CVE-2024-54131 was published for github.com/kolide/launcher (Go) Dec 3, 2024
Vitess allows HTML injection in /debug/querylogz & /debug/env Moderate
CVE-2024-53257 was published for vitess.io/vitess (Go) Dec 3, 2024
quinox
Access to Archived Argo Workflows with Fake Token in `client` mode Moderate
CVE-2024-53862 was published for github.com/argoproj/argo-workflows/v3 (Go) Dec 2, 2024
ljyanesm agilgur5
BunkerWeb has Open Redirect Vulnerability in Loading Page Moderate
CVE-2024-53264 was published for github.com/bunkerity/bunkerweb (Go) Dec 2, 2024
adventure8812
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts Moderate
CVE-2024-53858 was published for github.com/cli/cli/v2 (Go) Nov 27, 2024
BagToad andyfeller
williammartin jtmcg Ry0taK
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace Moderate
CVE-2024-53859 was published for github.com/cli/go-gh/v2 (Go) Nov 27, 2024
BagToad williammartin
andyfeller jtmcg Ry0taK
SFTPGo allows administrators to restrict command execution from the EventManager Moderate
CVE-2024-52309 was published for github.com/drakkan/sftpgo/v2 (Go) Nov 21, 2024
hyperreality
sftpgo vulnerable to brute force takeover of OpenID Connect session cookies Moderate
CVE-2024-52801 was published for github.com/drakkan/sftpgo/v2 (Go) Dec 2, 2024
denisvr72
Traefik's X-Forwarded-Prefix Header still allows for Open Redirect Moderate
CVE-2024-52003 was published for github.com/traefik/traefik/v2 (Go) Dec 2, 2024
kunte0
Kubernetes kubelet arbitrary command execution High
CVE-2024-10220 was published for k8s.io/kubernetes (Go) Nov 22, 2024
Apache Answer: Predictable Authorization Token Using UUIDv1 Low
CVE-2024-45719 was published for github.com/apache/incubator-answer (Go) Nov 22, 2024
PingCAP TiDB nil pointer dereference Moderate
CVE-2024-37820 was published for github.com/pingcap/tidb (Go) Jun 25, 2024
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion Moderate
CVE-2024-43784 was published for github.com/treeverse/lakefs (Go) Nov 26, 2024
N-o-Z
Podman affected by CVE-2024-1753 container escape at build time Moderate
CVE-2024-1753 was published for github.com/containers/podman/v4 (Go) Mar 28, 2024
rmcnamara-snyk
Improper Input Validation in Buildah and Podman Moderate
CVE-2024-9407 was published for github.com/containers/buildah (Go) Oct 1, 2024
ProTip! Advisories are also available from the GraphQL API