Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,153
Maven
5,000+
npm
5,000+
NuGet
861
pip
4,451
Pub
12
RubyGems
991
Rust
1,179
Swift
50
Unreviewed advisories
All unreviewed
5,000+

34 advisories

Loading
Privilege escalation to cluster admin on multi-tenant environments High
CVE-2021-41254 was published for github.com/fluxcd/kustomize-controller (Go) Nov 15, 2021
AdamKorcz Credited to AdamKorcz and DavidKorczynski DavidKorczynski DavidKorczynski
Node DOS by way of memory exhaustion through ExecSync request in CRI-O High
CVE-2022-1708 was published for github.com/cri-o/cri-o (Go) Jun 6, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
containerd CRI plugin: Host memory exhaustion through ExecSync Moderate
CVE-2022-31030 was published for github.com/containerd/containerd (Go) Jun 6, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
Uses of deprecated API can be used to cause DoS in user-facing endpoints High
CVE-2022-31054 was published for github.com/argoproj/argo-events (Go) Jun 17, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
Insecure path traversal in Git Trigger Source can lead to arbitrary file read High
CVE-2022-25856 was published for github.com/argoproj/argo-events (Go) Jun 17, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params High
CVE-2022-31034 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
crenshaw-dev Credited to crenshaw-dev, jgwest, AdamKorcz, and DavidKorczynski jgwest jgwest
AdamKorcz AdamKorcz DavidKorczynski DavidKorczynski
Argo CD's external URLs for Deployments can include JavaScript Critical
CVE-2022-31035 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server Moderate
CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz Credited to AdamKorcz and DavidKorczynski DavidKorczynski DavidKorczynski
CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server Moderate
CVE-2022-31077 was published for github.com/kubeedge/kubeedge (Go) Jun 25, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
CloudCore UDS Server: Malicious Message can crash CloudCore Moderate
CVE-2022-31076 was published for github.com/kubeedge/kubeedge (Go) Jun 25, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
KubeEdge Edge ServiceBus module DoS Moderate
CVE-2022-31073 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
KubeEdge Cloud AdmissionController component DoS Moderate
CVE-2022-31074 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
KubeEdge DoS when signing the CSR from EdgeCore Moderate
CVE-2022-31075 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
KubeEdge CloudCore Router memory exhaustion vulnerability Moderate
CVE-2022-31078 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
KubeEdge Cloud Stream and Edge Stream DoS from large stream message Moderate
CVE-2022-31079 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
AdamKorcz Credited to AdamKorcz and DavidKorczynski DavidKorczynski DavidKorczynski
DoS in KubeEdge's Websocket Client in package Viaduct Moderate
CVE-2022-31080 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
Argo CD certificate verification is skipped for connections to OIDC providers High
CVE-2022-31105 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
jannfis Credited to jannfis, crenshaw-dev, DavidKorczynski, and AdamKorcz crenshaw-dev crenshaw-dev
DavidKorczynski DavidKorczynski AdamKorcz AdamKorcz
Argo CD SSO users vulnerable to Cross-site Scripting Low
CVE-2022-31102 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
AdamKorcz Credited to AdamKorcz, DavidKorczynski, and tdunlap607 DavidKorczynski DavidKorczynski
tdunlap607 tdunlap607
Helm Vulnerable to denial of service through string value parsing Moderate
CVE-2022-36055 was published for helm.sh/helm/v3 (Go) Aug 30, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
Helm vulnerable to denial of service through string value parsing Moderate
CVE-2022-23524 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
Helm vulnerable to denial of service through through repository index file Moderate
CVE-2022-23525 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
AdamKorcz Credited to AdamKorcz and DavidKorczynski DavidKorczynski DavidKorczynski
Helm vulnerable to denial of service through schema file Moderate
CVE-2022-23526 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
OCI image importer memory exhaustion in github.com/containerd/containerd Moderate
CVE-2023-25153 was published for github.com/containerd/containerd (Go) Feb 16, 2023
AdamKorcz Credited to AdamKorcz and DavidKorczynski DavidKorczynski DavidKorczynski
Crossplane-runtime contains Improper Input Validation via Compositions Moderate
CVE-2023-27484 was published for github.com/crossplane/crossplane (Go) Mar 10, 2023
phisco Credited to phisco, AdamKorcz, and DavidKorczynski AdamKorcz AdamKorcz
DavidKorczynski DavidKorczynski
fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime Moderate
CVE-2023-27483 was published for github.com/crossplane/crossplane-runtime (Go) Mar 13, 2023
phisco Credited to phisco, AdamKorcz, and DavidKorczynski AdamKorcz AdamKorcz
DavidKorczynski DavidKorczynski
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database