Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,904
Erlang
38
GitHub Actions
38
Go
2,566
Maven
5,000+
npm
4,237
NuGet
753
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

269 advisories

Loading
Mattermost allows unsolicited invites to expose access to local channels Critical
CVE-2024-39777 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel Critical
CVE-2024-39274 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
pREST vulnerable to jwt bypass + sql injection Critical
GHSA-wm25-j4gw-6vr3 was published for github.com/prest/prest (Go) Jul 30, 2024
mihail8531
Credited to mihail8531
Authz zero length regression Critical
CVE-2024-41110 was published for github.com/docker/docker (Go) Jul 30, 2024
corhere westonsteimel
debasishbsws
Credited to corhere, westonsteimel, and debasishbsws
Volcano has insecure permissions Critical
CVE-2024-36533 was published for github.com/volcano-sh/volcano (Go) Jul 24, 2024
fabedge has insecure permissions Critical
CVE-2024-36536 was published for github.com/fabedge/fabedge (Go) Jul 24, 2024
1Panel has an SQL injection issue related to the orderBy clause Critical
CVE-2024-39907 was published for github.com/1Panel-dev/1Panel (Go) Jul 18, 2024
xuebibibibibi
Credited to xuebibibibibi
Duplicate Advisory: Gogs allows argument injection during the previewing of changes Critical
GHSA-hf29-9hfh-w63j was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
Duplicate Advisory: Gogs allows deletion of internal files Critical
GHSA-2vgj-3pvg-xh4w was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
Duplicate Advisory: github.com/gogs/gogs affected by CVE-2024-39930 Critical
GHSA-p69r-v3h4-rj4f was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
Missing key verification in gost Critical
CVE-2024-39223 was published for github.com/ginuerzh/gost (Go) Jul 3, 2024
Session Middleware Token Injection Vulnerability Critical
CVE-2024-38513 was published for github.com/gofiber/fiber (Go) Jul 1, 2024
sixcolors
Credited to sixcolors
Gin mishandles a wildcard at the end of an origin string Critical
CVE-2019-25211 was published for github.com/gin-contrib/cors (Go) Jun 29, 2024
rke's credentials are stored in the RKE1 Cluster state ConfigMap Critical
CVE-2023-32191 was published for github.com/rancher/rke (Go) Jun 17, 2024
Files or Directories Accessible to External Parties in ProjectDiscovery Critical
CVE-2024-5262 was published for github.com/projectdiscovery/interactsh (Go) Jun 5, 2024
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache Critical
CVE-2024-31989 was published for github.com/argoproj/argo-cd (Go) May 21, 2024
oreenlivnicode leoluz
crenshaw-dev mkilchhofer todaywasawesome pasha-codefresh
Credited to oreenlivnicode, leoluz, crenshaw-dev, mkilchhofer, todaywasawesome, and pasha-codefresh
Grafana Race condition allowing privilege escalation Critical
CVE-2022-39328 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Fine-grained access control vulnerability Critical
CVE-2021-41244 was published for github.com/grafana/grafana (Go) May 14, 2024
tiagorlampert CHAOS vulnerable to arbitrary code execution Critical
CVE-2024-33434 was published for github.com/tiagorlampert/CHAOS (Go) May 7, 2024
Some CORS middleware allow untrusted origins Critical
GHSA-v84h-653v-4pq9 was published for github.com/jub0bs/fcors (Go) May 3, 2024
jub0bs
Credited to jub0bs
Some CORS middleware allow untrusted origins Critical
GHSA-vhxv-fg4m-p2w8 was published for github.com/jub0bs/cors (Go) May 3, 2024
jub0bs
Credited to jub0bs
Improper Access Control in Gitea Critical
CVE-2020-28991 was published for github.com/go-gitea/gitea (Go) Apr 24, 2024
Privilege Escalation in kubevirt Critical
CVE-2020-14316 was published for kubevirt.io/kubevirt (Go) Apr 24, 2024
HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches Critical
CVE-2024-3817 was published for github.com/hashicorp/go-getter (Go) Apr 17, 2024
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit Critical
GHSA-v6rw-hhgg-wc4x was published for github.com/evmos/evmos/v11 (Go) Apr 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database