GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19 advisories

Moby's external DNS requests from 'internal' networks could lead to data exfiltration Moderate
CVE-2024-29018 was published for github.com/docker/docker (Go) Mar 20, 2024
Credited to robmry, akerouanton, neersighted, gabriellavengeo, and cibofo
Moby (Docker Engine) Insufficiently restricted permissions on data directory Moderate
CVE-2021-41091 was published for github.com/docker/docker (Go) Jan 31, 2024
Credited to joanbm, AlonZa, and neersighted
Docker Authentication Bypass High
CVE-2018-12608 was published for github.com/docker/docker (Go) Jan 31, 2024
Credited to neersighted
moby docker daemon crash during image pull of malicious image Moderate
CVE-2021-21285 was published for github.com/moby/moby (Go) Jan 31, 2024
Credited to bgeesaman, joshlarsen, IanColdwater, mauilion, raesene, cpuguy83, and neersighted
moby Access to remapped root allows privilege escalation to real root Moderate
CVE-2021-21284 was published for github.com/moby/moby (Go) Jan 31, 2024
Credited to ajxchapman, awprice, nathanburrell, raulgomis, chris-walz, mark-adams, dbaxa, cpuguy83, and neersighted
Path Traversal in Moby builder Moderate
CVE-2020-27534 was published for github.com/docker/docker (Go) Jan 31, 2024
Credited to neersighted
containerd allows RAPL to be accessible to a container Moderate
GHSA-7ww5-4wqc-m92c was published for github.com/containerd/containerd (Go) Dec 19, 2023
Credited to zhangzhics, garrisongys, and neersighted
/sys/devices/virtual/powercap accessible by default to containers Moderate
GHSA-jq35-85cj-fj4p was published for github.com/docker/docker (Go) Oct 30, 2023
Credited to zhangzhics, garrisongys, neersighted, gabriellavengeo, and AdallomRoy
Docker Swarm encrypted overlay network may be unauthenticated High
CVE-2023-28840 was published for github.com/docker/docker (Go) Apr 4, 2023
Credited to corhere, quadespresso, cpuguy83, tianon, neersighted, laurazard, and akerouanton
Docker Swarm encrypted overlay network traffic may be unencrypted Moderate
CVE-2023-28841 was published for github.com/docker/docker (Go) Apr 4, 2023
Credited to corhere, cpuguy83, tianon, laurazard, akerouanton, quadespresso, and neersighted
Docker Swarm encrypted overlay network with a single endpoint is unauthenticated Moderate
CVE-2023-28842 was published for github.com/docker/docker (Go) Apr 4, 2023
Credited to corhere, neersighted, cpuguy83, tianon, quadespresso, laurazard, and akerouanton
Container build can leak any path on the host into the container Low
GHSA-vp35-85q5-9f25 was published for github.com/docker/docker (Go) Nov 11, 2022
Credited to leonwxqian, corhere, and neersighted
cleo is vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2022-42966 was published for cleo (pip) Nov 10, 2022
Credited to neersighted and tdunlap607
Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions Moderate
CVE-2022-36109 was published for github.com/docker/docker (Go) Sep 16, 2022
Credited to sjmurdoch, neersighted, and anonymous-nlp-student
Poetry Argument Injection can lead to Local Code Execution High
CVE-2022-36069 was published for poetry (pip) Sep 16, 2022
Credited to paul-gerste-sonarsource and neersighted
Moby Docker cp broken with debian containers Critical
CVE-2019-14271 was published for github.com/docker/docker (Go) May 24, 2022
Credited to yoshizawa-masatoshi and neersighted
Information Exposure in Docker Engine High
CVE-2015-3630 was published for github.com/docker/docker (Go) Feb 15, 2022
Credited to neersighted
Arbitrary File Override in Docker Engine Moderate
CVE-2015-3631 was published for github.com/docker/docker (Go) Feb 15, 2022
Credited to neersighted
Path Traversal in Docker Moderate
CVE-2014-9356 was published for github.com/docker/docker (Go) May 18, 2021
Credited to picatz and neersighted