Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,111
NuGet
735
pip
3,933
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,491 advisories

Loading
go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment Low
CVE-2025-29923 was published for github.com/redis/go-redis/v9 (Go) Mar 20, 2025
kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace Critical
CVE-2025-29922 was published for github.com/kcp-dev/kcp (Go) Mar 20, 2025
xmudrii
OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME` Moderate
CVE-2025-29914 was published for github.com/corazawaf/coraza/v3 (Go) Mar 20, 2025
blotus
Kubernetes kube-apiserver Vulnerable to Race Condition Low
CVE-2024-7598 was published for k8s.io/kubernetes/cmd/kube-apiserver (Go) Mar 20, 2025
Ollama Denial of Service (DoS) via Null Pointer Dereference High
CVE-2025-0312 was published for github.com/ollama/ollama (Go) Mar 20, 2025
Ollama Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2025-0315 was published for github.com/ollama/ollama (Go) Mar 20, 2025
Ollama Divide By Zero vulnerability High
CVE-2025-0317 was published for github.com/ollama/ollama (Go) Mar 20, 2025
LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality Moderate
CVE-2024-9900 was published for github.com/mudler/LocalAI (Go) Mar 20, 2025
Ollama Divide by Zero Vulnerability High
CVE-2024-8063 was published for github.com/ollama/ollama (Go) Mar 20, 2025
Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP High
CVE-2024-12886 was published for github.com/ollama/ollama (Go) Mar 20, 2025
Ollama Allows Out-of-Bounds Read High
CVE-2024-12055 was published for github.com/ollama/ollama (Go) Mar 20, 2025
OpenShift Console Has a Path Traversal Vulnerability Moderate
CVE-2024-7631 was published for github.com/openshift/console (Go) Mar 19, 2025
OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2024-25132 was published for github.com/openshift/hive (Go) Mar 19, 2025
Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter High
CVE-2025-30153 was published for github.com/getkin/kin-openapi (Go) Mar 19, 2025
blotus dwertent
Mattermost Fails to Properly Perform Viewer Role Authorization Moderate
CVE-2025-1472 was published for github.com/mattermost/mattermost-server (Go) Mar 19, 2025
buildx allows a possible credential leakage to telemetry endpoint Moderate
CVE-2025-0495 was published for github.com/docker/buildx (Go) Mar 17, 2025
jstawinski
Memory Exhaustion in Expr Parser with Unrestricted Input High
CVE-2025-29786 was published for github.com/expr-lang/expr (Go) Mar 17, 2025
thevilledev
Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD Moderate
CVE-2025-29781 was published for github.com/metal3-io/baremetal-operator/apis (Go) Mar 17, 2025
WHALEEYE debuggerchen
containerd has an integer overflow in User ID handling Moderate
CVE-2024-40635 was published for github.com/containerd/containerd (Go) Mar 17, 2025
p4ck3t0 emxll
Openshift Hive Exposes VCenter Credentials via ClusterProvision High
CVE-2025-2241 was published for github.com/openshift/hive (Go) Mar 17, 2025
onos-lib-go allows an index out-of-range panic Moderate
CVE-2025-30077 was published for github.com/onosproject/onos-lib-go (Go) Mar 16, 2025
Kubernetes GitRepo Volume Inadvertent Local Repository Access Moderate
CVE-2025-1767 was published for k8s.io/kubernetes (Go) Mar 13, 2025
Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API Moderate
CVE-2024-9042 was published for k8s.io/kubernetes (Go) Mar 13, 2025
cheqd-node Security patch for upstream vulnerabilities in IBC-Go (ISA-2025-001) and Cosmos SDK (ISA-2025-002) Critical
GHSA-h2rp-8vpx-q9r4 was published for github.com/cheqd/cheqd-node (Go) Mar 13, 2025
gjermundgaraba
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net Moderate
CVE-2025-22870 was published for golang.org/x/net (Go) Mar 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database