Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,464
Erlang
33
GitHub Actions
22
Go
2,163
Maven
5,000+
npm
3,821
NuGet
696
pip
3,502
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

987 advisories

Loading
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net Moderate
CVE-2025-22870 was published for golang.org/x/net (Go) Mar 12, 2025
Duplicate Advisory: Plenti - Code Injection - Denial of Services Moderate
GHSA-323w-6p85-26fr was published for github.com/plentico/plenti (Go) Mar 12, 2025 withdrawn
LF Edge eKuiper allows Stored XSS in Rules Functionality Moderate
CVE-2024-52812 was published for github.com/lf-edge/ekuiper (Go) Mar 10, 2025
TheMostKnown ngjaying
Nomad is vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs Moderate
CVE-2025-1296 was published for github.com/hashicorp/nomad (Go) Mar 10, 2025
Envoy Gateway Log Injection Vulnerability Moderate
CVE-2025-25294 was published for github.com/envoyproxy/gateway (Go) Mar 6, 2025
denniskniep zirain
guydc
In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim Moderate
CVE-2025-27155 was published for github.com/matrix-org/pinecone (Go) Mar 4, 2025
Treanglex
MinIO allows an SFTP authentication bypass due to improperly trusted SSH key Moderate
CVE-2025-27414 was published for github.com/minio/minio (Go) Mar 3, 2025
donatello ston1th
Memos Server-Side Request Forgery (SSRF) Moderate
CVE-2025-22952 was published for github.com/usememos/memos (Go) Feb 27, 2025
Rancher's SAML-based login via CLI can be denied by unauthenticated users Moderate
CVE-2025-23387 was published for github.com/rancher/rancher (Go) Feb 27, 2025
Navidrome allows an authentication bypass in Subsonic API with non-existent username Moderate
CVE-2025-27112 was published for github.com/navidrome/navidrome (Go) Feb 25, 2025
daniele-athome
DoS in go-jose Parsing Moderate
CVE-2025-27144 was published for github.com/go-jose/go-jose (Go) Feb 24, 2025
Mattermost fails to restrict channel export of archived channels Moderate
CVE-2025-24526 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
lakeFS allows an authenticated user to cause a crash by exhausting server memory Moderate
CVE-2025-27100 was published for github.com/treeverse/lakefs (Go) Feb 21, 2025
arielshaqed ItamarYuran
SSRF in sliver teamserver Moderate
CVE-2025-27090 was published for github.com/bishopfox/sliver (Go) Feb 19, 2025
chebuya
OpenFGA Authorization Bypass Moderate
CVE-2025-25196 was published for github.com/openfga/openfga (Go) Feb 19, 2025
`gh attestation verify` returns incorrect exit code during verification if no attestations are present Moderate
CVE-2025-25204 was published for github.com/cli/cli/v2 (Go) Feb 14, 2025
codysoyland phillmv
kommendorkapten jkylekelly
Node Denial of Service via kubelet Checkpoint API Moderate
CVE-2025-0426 was published for k8s.io/kubernetes (Go) Feb 13, 2025
Missing rate limit in MaysWind ezBookkeeping Moderate
CVE-2024-57603 was published for github.com/mayswind/ezbookkeeping (Go) Feb 13, 2025
Potential Denial-of-Service condition leading to temporary disability in IBC transfers to the native chain Moderate
GHSA-6fgm-x6ff-w78f was published for github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4 (Go) Feb 12, 2025
Plenti - Code Injection - Denial of Services Moderate
CVE-2025-26260 was published for github.com/plentico/plenti (Go) Feb 5, 2025
ahmetak4n
wasmvm: Malicious smart contract can slow down block production Moderate
GHSA-mx2j-7cmv-353c was published for cosmwasm-vm (Go) Feb 4, 2025
wasmvm: Malicious smart contract can crash the chain Moderate
GHSA-23qp-3c2m-xx6w was published for github.com/CosmWasm/wasmvm (Go) Feb 4, 2025
CometBFT allows a malicious peer to make node stuck in blocksync Moderate
CVE-2025-24371 was published for github.com/cometbft/cometbft (Go) Feb 3, 2025
unknownfeature
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission Moderate
CVE-2024-11741 was published for github.com/grafana/grafana (Go) Jan 31, 2025
Argo CD does not scrub secret values from patch errors Moderate
CVE-2025-23216 was published for github.com/argoproj/argo-cd (Go) Jan 30, 2025
svghadi
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database