GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,493 advisories
Mattermost Fails to Restrict Bookmark Creation and Updates in Archived Channels
Moderate | CVE-2025-24920 was published for github.com/mattermost/mattermost/server/v8 (Go) | Mar 21, 2025

Kubernetes kube-apiserver Vulnerable to Race Condition
Low | CVE-2024-7598 was published for k8s.io/kubernetes/cmd/kube-apiserver (Go) | Mar 20, 2025

Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP
High | CVE-2024-12886 was published for github.com/ollama/ollama (Go) | Mar 20, 2025

Envoy crashes when HTTP ext_proc processes local replies
Moderate | CVE-2025-30157 was published for github.com/envoyproxy/envoy (Go) | Mar 21, 2025

LocalAI Cross-site Scripting vulnerability
Low | CVE-2024-48057 was published for github.com/mudler/LocalAI (Go) | Nov 5, 2024

MaysWind ezBookkeeping has Improper Privilege Management
Critical | CVE-2024-57604 was published for github.com/mayswind/ezbookkeeping (Go) | Feb 13, 2025

CoreDNS vulnerable to TuDoor Attacks
High | CVE-2023-28452 was published for github.com/coredns/coredns (Go) | Sep 18, 2024

lxd has a restricted TLS certificate privilege escalation when in PKI mode
Low | CVE-2024-6219 was published for github.com/canonical/lxd (Go) | Dec 9, 2024

go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
Low | CVE-2025-29923 was published for github.com/redis/go-redis/v9 (Go) | Mar 20, 2025

kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
Critical | CVE-2025-29922 was published for github.com/kcp-dev/kcp (Go) | Mar 20, 2025

OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`
Moderate | CVE-2025-29914 was published for github.com/corazawaf/coraza/v3 (Go) | Mar 20, 2025

OpenShift Console Has a Path Traversal Vulnerability
Moderate | CVE-2024-7631 was published for github.com/openshift/console (Go) | Mar 19, 2025

OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability
Moderate | CVE-2024-25132 was published for github.com/openshift/hive (Go) | Mar 19, 2025

Mattermost Fails to Properly Perform Viewer Role Authorization
Moderate | CVE-2025-1472 was published for github.com/mattermost/mattermost-server (Go) | Mar 19, 2025

buildx allows a possible credential leakage to telemetry endpoint
Moderate | CVE-2025-0495 was published for github.com/docker/buildx (Go) | Mar 17, 2025

Openshift Hive Exposes VCenter Credentials via ClusterProvision
High | CVE-2025-2241 was published for github.com/openshift/hive (Go) | Mar 17, 2025

Memory Exhaustion in Expr Parser with Unrestricted Input
High | CVE-2025-29786 was published for github.com/expr-lang/expr (Go) | Mar 17, 2025

Go Ethereum vulnerable to DoS via malicious p2p message
Moderate | CVE-2025-24883 was published for github.com/ethereum/go-ethereum (Go) | Jan 30, 2025

onos-lib-go allows an index out-of-range panic
Moderate | CVE-2025-30077 was published for github.com/onosproject/onos-lib-go (Go) | Mar 16, 2025

Non-linear parsing of case-insensitive content in golang.org/x/net/html
High | CVE-2024-45338 was published for golang.org/x/net/html (Go) | Dec 18, 2024

Gin mishandles a wildcard at the end of an origin string
Critical | CVE-2019-25211 was published for github.com/gin-contrib/cors (Go) | Jun 29, 2024

Fleet has SAML authentication vulnerability due to improper SAML response validation
Critical | CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) | Mar 6, 2025

Grafana Command Injection And Local File Inclusion Via Sql Expressions
Critical | CVE-2024-9264 was published for github.com/grafana/grafana (Go) | Oct 18, 2024

cheqd-node affected by Non-deterministic JSON Unmarshalling of IBC Acknowledgement
Critical | GHSA-33cr-m232-xqch was published for github.com/cheqd/cheqd-node (Go) | Mar 11, 2025

Nomad is vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs
Moderate | CVE-2025-1296 was published for github.com/hashicorp/nomad (Go) | Mar 10, 2025
ProTip! Advisories are also available from the GraphQL API.