Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

19 advisories

Loading
Moby's external DNS requests from 'internal' networks could lead to data exfiltration Moderate
CVE-2024-29018 was published for github.com/docker/docker (Go) Mar 20, 2024
robmry akerouanton
neersighted gabriellavengeo cibofo
Credited to robmry, akerouanton, neersighted, gabriellavengeo, and cibofo
Moby (Docker Engine) Insufficiently restricted permissions on data directory Moderate
CVE-2021-41091 was published for github.com/docker/docker (Go) Jan 31, 2024
joanbm AlonZa
neersighted
Credited to joanbm, AlonZa, and neersighted
Docker Authentication Bypass High
CVE-2018-12608 was published for github.com/docker/docker (Go) Jan 31, 2024
neersighted
Credited to neersighted
moby docker daemon crash during image pull of malicious image Moderate
CVE-2021-21285 was published for github.com/moby/moby (Go) Jan 31, 2024
bgeesaman joshlarsen
IanColdwater mauilion raesene cpuguy83 neersighted
Credited to bgeesaman, joshlarsen, IanColdwater, mauilion, raesene, cpuguy83, and neersighted
moby Access to remapped root allows privilege escalation to real root Moderate
CVE-2021-21284 was published for github.com/moby/moby (Go) Jan 31, 2024
ajxchapman awprice
nathanburrell raulgomis chris-walz mark-adams dbaxa cpuguy83 neersighted
Credited to ajxchapman, awprice, nathanburrell, raulgomis, chris-walz, mark-adams, dbaxa, cpuguy83, and neersighted
Path Traversal in Moby builder Moderate
CVE-2020-27534 was published for github.com/docker/docker (Go) Jan 31, 2024
neersighted
Credited to neersighted
containerd allows RAPL to be accessible to a container Moderate
GHSA-7ww5-4wqc-m92c was published for github.com/containerd/containerd (Go) Dec 19, 2023
zhangzhics garrisongys
neersighted
Credited to zhangzhics, garrisongys, and neersighted
/sys/devices/virtual/powercap accessible by default to containers Moderate
GHSA-jq35-85cj-fj4p was published for github.com/docker/docker (Go) Oct 30, 2023
zhangzhics garrisongys
neersighted gabriellavengeo AdallomRoy
Credited to zhangzhics, garrisongys, neersighted, gabriellavengeo, and AdallomRoy
Docker Swarm encrypted overlay network may be unauthenticated High
CVE-2023-28840 was published for github.com/docker/docker (Go) Apr 4, 2023
corhere quadespresso
cpuguy83 tianon neersighted laurazard akerouanton
Credited to corhere, quadespresso, cpuguy83, tianon, neersighted, laurazard, and akerouanton
Docker Swarm encrypted overlay network traffic may be unencrypted Moderate
CVE-2023-28841 was published for github.com/docker/docker (Go) Apr 4, 2023
corhere cpuguy83
tianon laurazard akerouanton quadespresso neersighted
Credited to corhere, cpuguy83, tianon, laurazard, akerouanton, quadespresso, and neersighted
Docker Swarm encrypted overlay network with a single endpoint is unauthenticated Moderate
CVE-2023-28842 was published for github.com/docker/docker (Go) Apr 4, 2023
corhere neersighted
cpuguy83 tianon quadespresso laurazard akerouanton
Credited to corhere, neersighted, cpuguy83, tianon, quadespresso, laurazard, and akerouanton
Container build can leak any path on the host into the container Low
GHSA-vp35-85q5-9f25 was published for github.com/docker/docker (Go) Nov 11, 2022
leonwxqian corhere
neersighted
Credited to leonwxqian, corhere, and neersighted
cleo is vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2022-42966 was published for cleo (pip) Nov 10, 2022
neersighted tdunlap607
Credited to neersighted and tdunlap607
Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions Moderate
CVE-2022-36109 was published for github.com/docker/docker (Go) Sep 16, 2022
sjmurdoch neersighted
anonymous-nlp-student
Credited to sjmurdoch, neersighted, and anonymous-nlp-student
Poetry Argument Injection can lead to Local Code Execution High
CVE-2022-36069 was published for poetry (pip) Sep 16, 2022
paul-gerste-sonarsource neersighted
Credited to paul-gerste-sonarsource and neersighted
Moby Docker cp broken with debian containers Critical
CVE-2019-14271 was published for github.com/docker/docker (Go) May 24, 2022
yoshizawa-masatoshi neersighted
Credited to yoshizawa-masatoshi and neersighted
Arbitrary File Override in Docker Engine Moderate
CVE-2015-3631 was published for github.com/docker/docker (Go) Feb 15, 2022
neersighted
Credited to neersighted
Information Exposure in Docker Engine High
CVE-2015-3630 was published for github.com/docker/docker (Go) Feb 15, 2022
neersighted
Credited to neersighted
Path Traversal in Docker Moderate
CVE-2014-9356 was published for github.com/docker/docker (Go) May 18, 2021
picatz neersighted
Credited to picatz and neersighted
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database