
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,134 advisories

CubeFS leaks magic secret key when starting Blobstore access service Moderate
CVE-2023-46741 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
Mattermost notified all users in the channel when using WebSockets to respond individually Moderate
CVE-2023-48732 was published for github.com/mattermost/mattermost-server/v6 (Go) Jan 2, 2024
Mattermost viewing archived public channels permissions vulnerability Moderate
CVE-2023-47858 was published for github.com/mattermost/mattermost-server/v6 (Go) Jan 2, 2024
ewen-lbh/ffcss Late-Unicode normalization vulnerability Moderate
CVE-2023-52081 was published for github.com/ewen-lbh/ffcss (Go) Dec 28, 2023
Sim4n6
Deis Workflow Manager race condition vulnerability Moderate
CVE-2016-15036 was published for github.com/deis/workflow-manager (Go) Dec 23, 2023
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go Moderate
GHSA-mhpq-9638-x6pw was published for github.com/dvsekhvalnov/jose2go (Go) Dec 20, 2023
containerd allows RAPL to be accessible to a container Moderate
GHSA-7ww5-4wqc-m92c was published for github.com/containerd/containerd (Go) Dec 19, 2023
zhangzhics garrisongys
neersighted
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin Moderate
CVE-2023-48795 was published for golang.org/x/crypto (Go) Dec 18, 2023
TrueSkrillor lambdafu
sugar700 levpachmanov
Withdrawn Advisory: Prometheus XSS Vulnerability Moderate
CVE-2019-3826 was published for github.com/prometheus/prometheus (Go) Dec 13, 2023 withdrawn
pdeslaur codeboten
Elastic Beats inserts sensitive information into log file Moderate
CVE-2023-49922 was published for github.com/elastic/beats (Go) Dec 12, 2023
levinebw
User with permission to write actions can impersonate another user when auth token is configured in environment variable Moderate
GHSA-26hr-q2wp-rvc5 was published for github.com/treeverse/lakefs (Go) Dec 12, 2023
nopcoder arielshaqed
Always incorrect control flow in github.com/mojocn/base64Captcha Moderate
CVE-2023-45292 was published for github.com/mojocn/base64Captcha (Go) Dec 12, 2023
Header spoofing in caddy-geo-ip Moderate
CVE-2023-50463 was published for github.com/shift72/caddy-geo-ip (Go) Dec 11, 2023
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-6459 was published for github.com/mattermost/mattermost-server/v6 (Go) Dec 6, 2023
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
lestrrat-go/jwx's malicious parameters in JWE can cause a DOS Moderate
CVE-2023-49290 was published for github.com/lestrrat-go/jwx (Go) Dec 5, 2023
P3ngu1nW
Traefik vulnerable to potential DDoS via ACME HTTPChallenge Moderate
CVE-2023-47124 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass Moderate
CVE-2023-47106 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
Benasin
github.com/go-resty/resty/v2 HTTP request body disclosure Moderate
CVE-2023-45286 was published for github.com/go-resty/resty/v2 (Go) Nov 28, 2023
shanduur Kryvchun
billinghamj deerbone neilgierman hansmi
OwnCast remote code execution vulnerability Moderate
CVE-2023-46480 was published for github.com/owncast/owncast (Go) Nov 28, 2023
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler Moderate
CVE-2023-48713 was published for knative.dev/serving (Go) Nov 27, 2023
AdamKorcz
Mattermost Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-48369 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Mattermost Improper Access Control vulnerability Moderate
CVE-2023-6202 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Mattermost Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-48268 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Mattermost Open Redirect vulnerability Moderate
CVE-2023-47168 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023