GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories, by ecosystem:
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories:
All unreviewed: 5,000+
882 advisories
Mattermost Server Improper Access Control (Moderate): CVE-2024-29221 was published for github.com/mattermost/mattermost/server/v8 (Go) on Apr 5, 2024.
Mattermost fails to authenticate the source of certain types of post actions (Moderate): CVE-2024-2447 was published for github.com/mattermost/mattermost/server/v8 (Go) on Apr 5, 2024.
Mattermost Server doesn't limit the number of user preferences (Moderate): CVE-2024-28949 was published for github.com/mattermost/mattermost/server/v8 (Go) on Apr 5, 2024.
net/http, x/net/http2: close connections when receiving too many headers (Moderate): CVE-2023-45288 was published for golang.org/x/net (Go) on Apr 4, 2024.
HashiCorp Vault does not correctly validate OCSP responses (Moderate): CVE-2024-2660 was published for github.com/hashicorp/vault (Go) on Apr 4, 2024.
Duplicate Advisory: Pebble service manager's file pull API allows access by any user (Moderate): GHSA-65pc-76pq-pvf5 was published for github.com/canonical/pebble (Go) on Apr 4, 2024 (withdrawn).
Temporal Server Denial of Service (Moderate): CVE-2024-2689 was published for github.com/temporalio/temporal (Go) on Apr 4, 2024.
KubeVirt NULL pointer dereference flaw (Moderate): CVE-2024-31420 was published for kubevirt.io/kubevirt (Go) on Apr 3, 2024.
Temporal UI Server cross-site scripting vulnerability (Moderate): CVE-2024-2435 was published for github.com/temporalio/ui-server/v2 (Go) on Apr 2, 2024.
CA17 TeamsACS Cross Site Scripting vulnerability (Moderate): CVE-2024-22780 was published for github.com/ca17/teamsacs (Go) on Apr 2, 2024.
LocalAI cross-site request forgery vulnerability (Moderate): CVE-2024-3135 was published for github.com/go-skynet/LocalAI (Go) on Apr 1, 2024.
CasaOS Username Enumeration - Bypass of CVE-2024-24766 (Moderate): CVE-2024-28232 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) on Apr 1, 2024.
ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability (Moderate): CVE-2024-29893 was published for github.com/argoproj/argo-cd/v2 (Go) on Mar 29, 2024.
ZITADEL's actions can overload reserved claims (Moderate): CVE-2024-29892 was published for github.com/zitadel/zitadel (Go) on Mar 28, 2024.
Duplicate Advisory: Grafana vulnerable to authorization bypass (Moderate): GHSA-mh7p-8m2f-qrm6 was published for github.com/grafana/grafana (Go) on Mar 26, 2024 (withdrawn).
Moby's external DNS requests from 'internal' networks could lead to data exfiltration (Moderate): CVE-2024-29018 was published for github.com/docker/docker (Go) on Mar 20, 2024.
Unencrypted traffic between nodes when using WireGuard and L7 policies (Moderate): CVE-2024-28250 was published for github.com/cilium/cilium (Go) on Mar 18, 2024.
Unencrypted traffic between nodes when using IPsec and L7 policies (Moderate): CVE-2024-28249 was published for github.com/cilium/cilium (Go) on Mar 18, 2024.
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow (Moderate): CVE-2024-21662 was published for github.com/argoproj/argo-cd/v2 (Go) on Mar 18, 2024.
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss (Moderate): CVE-2024-21652 was published for github.com/argoproj/argo-cd/v2 (Go) on Mar 18, 2024.
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime (Moderate): CVE-2023-51699 was published for github.com/fluid-cloudnative/fluid (Go) on Mar 15, 2024.
Users with `create` but not `override` privileges can perform local sync (Moderate): CVE-2023-50726 was published for github.com/argoproj/argo-cd (Go) on Mar 15, 2024.
1Panel is vulnerable to command injection (Moderate): CVE-2024-2352 was published for github.com/1Panel-dev/1Panel (Go) on Mar 10, 2024.
JWX vulnerable to a denial of service attack using compressed JWE message (Moderate): CVE-2024-28122 was published for github.com/lestrrat-go/jwx (Go) on Mar 8, 2024.
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) (Moderate): CVE-2024-28180 was published for github.com/go-jose/go-jose/v3 (Go) on Mar 7, 2024.