Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,134 advisories

Loading
Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking Moderate
CVE-2024-7625 was published for github.com/hashicorp/nomad (Go) Aug 15, 2024
Cosmos Hub (Gaia): The check for the height of cryptographic equivocation evidence is missing Moderate
GHSA-83qr-9v2h-qxp4 was published for github.com/cosmos/gaia (Go) Aug 14, 2024
open-telemetry has an Observable Timing Discrepancy Moderate
CVE-2024-42368 was published for github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension (Go) Aug 13, 2024
axw arminru
frzifus mx-psi evan-bradley
Apache Answer: The link for resetting user password is not Single-Use Moderate
CVE-2024-41888 was published for github.com/apache/incubator-answer (Go) Aug 12, 2024
Apache Answer: The link to reset the user's password will remain valid after sending a new link Moderate
CVE-2024-41890 was published for github.com/apache/incubator-answer (Go) Aug 12, 2024
CosmWasm wasmd has large address count in ValidateBasic Moderate
GHSA-m3rh-cvr5-x6q4 was published for github.com/CosmWasm/wasmd (Go) Aug 8, 2024
sushiwushi
Gas mispricing in cosmwasm-vm Moderate
GHSA-rg2q-2jh9-447q was published for cosmwasm-vm (Go) Aug 8, 2024
unknownfeature
Gorush uses deprecated TLS versions Moderate
CVE-2024-41270 was published for github.com/appleboy/gorush (Go) Aug 6, 2024
Owncast Path Traversal vulnerability Moderate
CVE-2024-31450 was published for github.com/owncast/owncast (Go) Aug 5, 2024
Meshery SQL Injection vulnerability Moderate
CVE-2024-35181 was published for github.com/layer5io/meshery (Go) Aug 5, 2024
Meshery SQL Injection vulnerability Moderate
CVE-2024-35182 was published for github.com/layer5io/meshery (Go) Aug 5, 2024
gotortc Cross-site Scripting vulnerability Moderate
CVE-2024-29191 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
gotortc Cross-site Scripting vulnerability Moderate
CVE-2024-29193 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /api/resource Moderate
CVE-2024-29030 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta Moderate
CVE-2024-29028 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting Moderate
CVE-2024-29029 was published for github.com/usememos/memos (Go) Aug 5, 2024
lorawan-stack Open Redirect vulnerability Moderate
CVE-2023-26494 was published for go.thethings.network/lorawan-stack/v3 (Go) Aug 5, 2024
In regclient, pinned manifest digests may be ignored Moderate
CVE-2025-24882 was published for github.com/regclient/regclient (Go) Aug 5, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2024-37286 was published for github.com/elastic/apm-server (Go) Aug 3, 2024
Navidrome uses MD5 hashing algorithm Moderate
CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) Aug 1, 2024
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification Moderate
CVE-2024-41264 was published for github.com/casdoor/casdoor (Go) Aug 1, 2024
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling Moderate
CVE-2024-39832 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows remote actor to set arbitrary RemoteId values for synced users Moderate
CVE-2024-41926 was published for github.com/mattermost/mattermost (Go) Aug 1, 2024
Mattermost allows a remote actor to make an arbitrary local channel read-only Moderate
CVE-2024-41162 was published for github.com/mattermost/mattermost (Go) Aug 1, 2024
Mattermost allows a user on a remote to set their remote username prop to an arbitrary string Moderate
CVE-2024-39839 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database