Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

Loading
Link Following in Iris High
CVE-2021-23772 was published for github.com/kataras/iris (Go) Jan 6, 2022
kataras
Zip slip directory exploit in github.com/deislabs/oras High
CVE-2021-21272 was published for github.com/deislabs/oras (Go) Feb 15, 2022
smowton
Arbitrary Code Execution in Docker High
CVE-2014-6407 was published for github.com/docker/docker (Go) Feb 15, 2022
Arbitrary File Write in Libcontainer High
CVE-2015-3629 was published for github.com/docker/docker (Go) Feb 15, 2022
Link Following in Kata Runtime High
CVE-2020-2026 was published for github.com/kata-containers/runtime (Go) Feb 15, 2022
Privilege escalation in beego High
CVE-2021-27117 was published for github.com/beego/beego (Go) Apr 6, 2022
Privilege escalation in beego High
CVE-2021-27116 was published for github.com/beego/beego (Go) Apr 6, 2022
Syncthing vulnerable to symlink traversal and arbitrary file overwrite High
CVE-2017-1000420 was published for github.com/syncthing/syncthing (Go) May 14, 2022
b3log Wide unauthenticated file access High
CVE-2019-13915 was published for github.com/b3log/wide (Go) May 24, 2022
Podman Path Traversal Vulnerability leads to arbitrary file read/write High
CVE-2019-10152 was published for github.com/containers/podman (Go) May 24, 2022
Unsafe tar unpacking in HashiCorp go-slug High
CVE-2020-29529 was published for github.com/hashicorp/go-slug (Go) Feb 6, 2023
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following High
CVE-2023-25152 was published for github.com/pterodactyl/wings (Go) Feb 8, 2023
astro-angelfish
cloudflared's Installer has Local Privilege Escalation Vulnerability High
CVE-2023-1314 was published for github.com/cloudflare/cloudflared (Go) Mar 21, 2023
Buildkite Elastic CI for AWS symbolic link following vulnerability High
CVE-2023-43116 was published for github.com/buildkite/elastic-ci-stack-for-aws/v6 (Go) Dec 22, 2023
HashiCorp Nomad vulnerable to symlink attacks High
CVE-2024-1329 was published for github.com/hashicorp/nomad (Go) Feb 8, 2024
ProTip! Advisories are also available from the GraphQL API