Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

2,095 advisories

Loading
Vitess allows HTML injection in /debug/querylogz & /debug/env Moderate
CVE-2024-53257 was published for vitess.io/vitess (Go) Dec 3, 2024
quinox
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto Critical
CVE-2024-45337 was published for golang.org/x/crypto (Go) Dec 11, 2024
ryanbekhen SuperSandro2000
Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy High
GHSA-7prj-hgx4-2xc3 was published for github.com/ryanbekhen/nanoproxy (Go) Dec 12, 2024
Kubernetes kubelet arbitrary command execution High
CVE-2024-10220 was published for k8s.io/kubernetes (Go) Nov 22, 2024
Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service Moderate
CVE-2024-12289 was published for github.com/hashicorp/boundary (Go) Dec 13, 2024
Mattermost Server Improper Access Control Moderate
CVE-2024-29221 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
Mattermost Server Improper Access Control Low
CVE-2024-21848 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
Mattermost fails to limit the number of role names Moderate
CVE-2024-1953 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost race condition Low
CVE-2024-1949 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost Server doesn't limit the number of user preferences Moderate
CVE-2024-28949 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
pgx SQL Injection via Protocol Message Size Overflow High
CVE-2024-27304 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource
CasaOS contains weak JWT secrets Critical
CVE-2023-37266 was published for github.com/IceWhaleTech/CasaOS (Go) Jul 17, 2023
thomas-chauchefoin-sonarsource
CasaOS Gateway vulnerable to incorrect identification of source IP addresses Critical
CVE-2023-37265 was published for github.com/IceWhaleTech/CasaOS-Gateway (Go) Jul 17, 2023
thomas-chauchefoin-sonarsource
Path Traversal in Buildah High
CVE-2020-10696 was published for github.com/containers/buildah (Go) May 18, 2021
kcp's impersonation allows access to global administrative groups Moderate
GHSA-c7xh-gjv4-4jgv was published for github.com/kcp-dev/kcp (Go) Dec 11, 2024
SiYuan has an SSTI via /api/template/renderSprig Moderate
CVE-2024-55660 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SiYuan has an arbitrary file write in the host via /api/asset/upload High
CVE-2024-55659 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
Duplicate Advisory: cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs Moderate
CVE-2024-12401 was published for github.com/cert-manager/cert-manager (Go) Dec 12, 2024 withdrawn
SiYuan has an arbitrary file read and path traversal via /api/export/exportResources High
CVE-2024-55658 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SiYuan has an arbitrary file read via /api/template/render High
CVE-2024-55657 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace Moderate
CVE-2024-53859 was published for github.com/cli/go-gh (Go) Nov 27, 2024
BagToad williammartin
andyfeller jtmcg Ry0taK
Harbor fails to validate the user permissions when updating p2p preheat policies High
CVE-2022-31668 was published for github.com/goharbor/harbor (Go) Nov 14, 2024
Kubelet vulnerable to bypass of seccomp profile enforcement Moderate
CVE-2023-2431 was published for k8s.io/kubernetes (Go) Jun 16, 2023
Ollama Out-of-bounds Read High
CVE-2024-39720 was published for github.com/ollama/ollama (Go) Oct 31, 2024
Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse Moderate
CVE-2023-26248 was published for github.com/libp2p/go-libp2p-kad-dht (Go) Oct 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database