GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
935 advisories
Filter by severity
CWA-2023-004: Excessive number of function parameters in compiled Wasm
Moderate
GHSA-75qh-gg76-p2w4
was published
for
cosmwasm-vm
(Go)
Aug 27, 2024
age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
Moderate
GHSA-32gq-x56h-299c
was published
for
filippo.io/age
(Go)
Dec 18, 2024
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
Improper Input Validation in Buildah and Podman
Moderate
CVE-2024-9407
was published
for
github.com/containers/buildah
(Go)
Oct 1, 2024
Hashicorp Nomad Incorrect Privilege Assignment vulnerability
Moderate
CVE-2024-12678
was published
for
github.com/hashicorp/nomad
(Go)
Dec 20, 2024
Beego has Collision Hazards of MD5 in Cache Key Filenames
Moderate
CVE-2024-55885
was published
for
github.com/beego/beego
(Go)
Dec 12, 2024
Unencrypted traffic between pods when using Wireguard and an external kvstore
Moderate
CVE-2024-25631
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
Unencrypted ingress/health traffic when using Wireguard transparent encryption
Moderate
CVE-2024-25630
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access
Moderate
CVE-2024-8676
was published
for
github.com/cri-o/cri-o
(Go)
Nov 26, 2024
Traefik affected by CVE-2024-53259
Moderate
GHSA-hxr6-2p24-hf98
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 17, 2024
Mattermost Improper Validation of Specified Type of Input vulnerability
Moderate
CVE-2024-54083
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 16, 2024
Mattermost Race Condition vulnerability
Moderate
CVE-2024-48872
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 16, 2024
Mattermost Data Amplification vulnerability
Moderate
CVE-2024-54682
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 16, 2024
Vitess allows HTML injection in /debug/querylogz & /debug/env
Moderate
CVE-2024-53257
was published
for
vitess.io/vitess
(Go)
Dec 3, 2024
Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
Moderate
CVE-2024-12289
was published
for
github.com/hashicorp/boundary
(Go)
Dec 13, 2024
Mattermost Server Improper Access Control
Moderate
CVE-2024-29221
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
Mattermost fails to limit the number of role names
Moderate
CVE-2024-1953
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost Server doesn't limit the number of user preferences
Moderate
CVE-2024-28949
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
kcp's impersonation allows access to global administrative groups
Moderate
GHSA-c7xh-gjv4-4jgv
was published
for
github.com/kcp-dev/kcp
(Go)
Dec 11, 2024
SiYuan has an SSTI via /api/template/renderSprig
Moderate
CVE-2024-55660
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
Duplicate Advisory: cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs
Moderate
CVE-2024-12401
was published
for
github.com/cert-manager/cert-manager
(Go)
Dec 12, 2024
•
withdrawn
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace
Moderate
CVE-2024-53859
was published
for
github.com/cli/go-gh
(Go)
Nov 27, 2024
Kubelet vulnerable to bypass of seccomp profile enforcement
Moderate
CVE-2023-2431
was published
for
k8s.io/kubernetes
(Go)
Jun 16, 2023
Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse
Moderate
CVE-2023-26248
was published
for
github.com/libp2p/go-libp2p-kad-dht
(Go)
Oct 25, 2024
Infinite loop in github.com/gomarkdown/markdown
Moderate
CVE-2024-44337
was published
for
github.com/gomarkdown/markdown
(Go)
Oct 15, 2024
ProTip!
Advisories are also available from the
GraphQL API