Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

218 advisories

Loading
HashiCorp Vault Incorrect Permission Assignment for Critical Resource Critical
CVE-2021-43998 was published for github.com/hashicorp/vault (Go) Dec 2, 2021
Tarslip in go-unarr Critical
CVE-2021-38197 was published for github.com/gen2brain/go-unarr (Go) Sep 1, 2021
J3rry-1729
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 Critical
CVE-2021-38553 was published for github.com/hashicorp/vault (Go) Aug 30, 2021
avivdolev
Improper Authenication in Pion DTLS Critical
CVE-2019-20786 was published for github.com/pion/dtls (Go) Jun 29, 2021
Path Traversal in Dutchcoders transfer.sh Critical
CVE-2021-33497 was published for github.com/dutchcoders/transfer.sh (Go) Jun 29, 2021
Denial of service in go-ethereum due to CVE-2020-28362 Critical
GHSA-m6gx-rhvj-fh52 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
XML Processing error in github.com/crewjam/saml Critical
CVE-2020-27846 was published for github.com/crewjam/saml (Go) Jun 23, 2021
Auth bypass in SAML provider Critical
GHSA-433w-mm6h-rv9p was published for github.com/netlify/gotrue (Go) Jun 23, 2021
jupenur
Authentication Bypass in tyk-identity-broker Critical
CVE-2021-23365 was published for github.com/tyktechnologies/tyk-identity-broker (Go) Jun 23, 2021
Elliptic Curve Key Disclosure in go-jose Critical
CVE-2016-9121 was published for github.com/square/go-jose (Go) Jun 23, 2021
Arbitrary code execution due to an uncontrolled search path for the git binary Critical
CVE-2021-28955 was published for github.com/MichaelMure/git-bug (Go) May 25, 2021
Signature Validation Bypass Critical
GHSA-5684-g483-2249 was published for github.com/russellhaering/gosaml2 (Go) May 24, 2021
jupenur
Signature Validation Bypass Critical
GHSA-rrfw-hg9m-j47h was published for github.com/russellhaering/goxmldsig (Go) May 24, 2021
jupenur russellhaering
Improper Authentication in InfluxDB Critical
CVE-2019-20933 was published for github.com/influxdata/influxdb (Go) May 18, 2021
Improper Input Validation in HashiCorp Vault Critical
CVE-2020-12757 was published for github.com/hashicorp/vault-plugin-secrets-gcp (Go) May 18, 2021
Insecure Permissions in Gogs Critical
CVE-2019-14544 was published for gogs.io/gogs (Go) May 18, 2021
Improper Authentication in Apache Traffic Control Critical
CVE-2019-12405 was published for github.com/apache/trafficcontrol (Go) May 18, 2021
Kubernetes Privilege Escalation Critical
CVE-2017-1000056 was published for k8s.io/kubernetes (Go) May 12, 2021
ProTip! Advisories are also available from the GraphQL API