Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,162 advisories

Loading
Ollama vulnerable to Cross-Domain Token Exposure Moderate
CVE-2025-51471 was published for github.com/ollama/ollama (Go) Jul 22, 2025
Mattermost has a Missing Authorization vulnerability Moderate
CVE-2025-41410 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Mattermost has a Missing Authorization vulnerability Moderate
CVE-2025-41443 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents Moderate
CVE-2025-62375 was published for github.com/in-toto/go-witness (Go) Oct 15, 2025
jkjell
Credited to jkjell
gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization Moderate
GHSA-fr8m-434r-g3xp was published for github.com/consensys/gnark-crypto (Go) Oct 15, 2025
Omni is Vulnerable to DoS via Empty Create/Update Resource Requests Moderate
CVE-2025-59836 was published for github.com/siderolabs/omni (Go) Oct 13, 2025
1c3t0rm nicomda
utkuozdemir
Credited to 1c3t0rm, nicomda, and utkuozdemir
Velociraptor vulnerable to privilege escalation via UpdateConfig artifact Moderate
CVE-2025-6264 was published for www.velocidex.com/golang/velociraptor (Go) Jun 20, 2025
chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes Moderate
GHSA-vrw8-fxc6-2r93 was published for github.com/go-chi/chi/v5 (Go) Jun 20, 2025
anuraagbaishya
Credited to anuraagbaishya
Coder AgentAPI exposed user chat history via a DNS rebinding attack Moderate
CVE-2025-59956 was published for github.com/coder/agentapi (Go) Sep 29, 2025
eharris128
Credited to eharris128
Hyperledger Fabric does not verify request has a timestamp within the expected time window Moderate
CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024
rardecode: DoS risk due to unrestricted RAR dictionary sizes Moderate
CVE-2025-11579 was published for github.com/nwaples/rardecode/v2 (Go) Oct 10, 2025
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret Moderate
CVE-2025-61926 was published for github.com/ossf/allstar (Go) Oct 10, 2025
AdamKorcz justaugustus
Credited to AdamKorcz and justaugustus
Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server Moderate
CVE-2025-54288 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Canonical LXD Project Existence Determination Through Error Handling in Image Export Function Moderate
CVE-2025-54290 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Canonical LXD Project Existence Determination Through Error Handling in Image Get Function Moderate
CVE-2025-54291 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Rancher sends sensitive information to external services through the `/meta/proxy` endpoint Moderate
CVE-2025-54468 was published for github.com/rancher/rancher (Go) Sep 26, 2025
Repository Credentials Race Condition Crashes Argo CD Server Moderate
CVE-2025-55191 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 30, 2025
thevilledev
Credited to thevilledev
Calico vulnerable to pod route hijacking Moderate
CVE-2022-28224 was published for github.com/projectcalico/calico (Go) Jun 7, 2022
joshbressers
Credited to joshbressers
go-f3 Vulnerable to Cached Justification Verification Bypass Moderate
CVE-2025-59941 was published for github.com/filecoin-project/go-f3 (Go) Sep 29, 2025
lgprbs
Credited to lgprbs
github.com/nyaruka/phonenumbers Vulnerable to Improper Validation of Syntactic Correctness of Input Moderate
CVE-2025-10954 was published for github.com/nyaruka/phonenumbers (Go) Sep 27, 2025
Grafana-Zabbix ReDoS vulnerability Moderate
CVE-2025-10630 was published for github.com/alexanderzobnin/grafana-zabbix (Go) Sep 19, 2025
DragonFly's tiny file download uses hard coded HTTP protocol Moderate
CVE-2025-59410 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
DragonFly has weak integrity checks for downloaded files Moderate
CVE-2025-59354 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
DragonFly vulnerable to arbitrary file read and write on a peer machine Moderate
CVE-2025-59352 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error Moderate
CVE-2025-59351 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database