Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,232
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,345
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

901 advisories

Loading
Traefik vulnerable to potential DDoS via ACME HTTPChallenge Moderate
CVE-2023-47124 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
Harbor fails to validate the user permissions when updating a robot account Moderate
CVE-2022-31667 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
andrewpollock
Harbor fails to validate the user permissions when updating tag immutability policies Moderate
CVE-2022-31669 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
michaelkedar
Stored XSS using two files in usememos/memos Moderate
CVE-2023-0109 was published for github.com/usememos/memos (Go) Nov 15, 2024
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission Moderate
CVE-2024-46989 was published for github.com/authzed/spicedb (Go) Sep 18, 2024
tim-mod
CoreDNS Cache Poisoning via a birthday attack Moderate
CVE-2023-30464 was published for github.com/coredns/coredns (Go) Sep 18, 2024
OpenShift Controller Manager Improper Privilege Management Moderate
CVE-2024-45496 was published for github.com/openshift/openshift-controller-manager (Go) Sep 17, 2024
OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer Moderate
CVE-2024-7387 was published for github.com/openshift/builder (Go) Sep 17, 2024
Default installation of `synthetic-monitoring-agent` exposes sensitive information Moderate
CVE-2022-46156 was published for github.com/grafana/synthetic-monitoring-agent (Go) Sep 6, 2024
iamwillbar
runc can be confused to create empty files/directories on the host Moderate
CVE-2024-45310 was published for github.com/opencontainers/runc (Go) Sep 3, 2024
rata alban
cyphar sdowell
Hwameistor Potential Permission Leakage of Cluster Level Moderate
CVE-2024-45054 was published for github.com/hwameistor/hwameistor (Go) Aug 29, 2024
younaman
req may send an unintended request when a malformed URL is provided Moderate
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL Moderate
CVE-2024-40884 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Openshift Console insufficient entropy vulnerability Moderate
CVE-2024-6508 was published for github.com/openshift/console (Go) Aug 21, 2024
CosmWasm wasmd has large address count in ValidateBasic Moderate
GHSA-m3rh-cvr5-x6q4 was published for github.com/CosmWasm/wasmd (Go) Aug 8, 2024
sushiwushi
Owncast Path Traversal vulnerability Moderate
CVE-2024-31450 was published for github.com/owncast/owncast (Go) Aug 5, 2024
Mattermost failed to properly validate synced reactions Moderate
CVE-2024-29977 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost failed to disallow the modification of local users when syncing users in shared channels Moderate
CVE-2024-36492 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows remote actor to set arbitrary RemoteId values for synced users Moderate
CVE-2024-41926 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost did not properly restrict channel creation Moderate
CVE-2024-39837 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Woodpecker's custom environment variables allow to alter execution flow of plugins Moderate
CVE-2024-41122 was published for go.woodpecker-ci.org/woodpecker (Go) Jul 19, 2024
SpiceDB exclusions can result in no permission returned when permission expected Moderate
CVE-2024-38361 was published for github.com/authzed/spicedb (Go) Jun 20, 2024
Grafana Stored Cross-site Scripting in Unified Alerting Moderate
CVE-2022-31097 was published for github.com/grafana/grafana (Go) May 14, 2024
Mattermost Jira Plugin does not properly check security levels Moderate
CVE-2024-24774 was published for github.com/mattermost/mattermost-plugin-jira (Go) Feb 9, 2024
registry-support: decompress can delete files outside scope via relative paths Moderate
CVE-2024-1485 was published for github.com/devfile/registry-support/registry-library (Go) Feb 14, 2024
cebarks
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database