Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,134 advisories

Loading
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-45223 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-43754 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Mattermost Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-40703 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Mattermost Improper Access Control vulnerability Moderate
CVE-2023-47865 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Decryption of malicious PBES2 JWE objects can consume unbounded system resources Moderate
GHSA-2c7c-3mj9-8fqh was published for github.com/go-jose/go-jose/v3 (Go) Nov 21, 2023
mcpherrinm
Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. Moderate
CVE-2023-47122 was published for github.com/sigstore/gitsign (Go) Nov 14, 2023
adityasaky
capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name Moderate
CVE-2023-46254 was published for github.com/projectcapsule/capsule (Go) Nov 7, 2023
mtheeren-asml prometherion
Mattermost vulnerable to excessive memory consumption Moderate
CVE-2023-5969 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 6, 2023
MarkLee131
Mattermost password hash disclosure vulnerability Moderate
CVE-2023-5968 was published for github.com/mattermost/mattermost-server (Go) Nov 6, 2023
MarkLee131
Mattermost denial of service vulnerability Moderate
CVE-2023-5967 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 6, 2023
SpiceDB leaks information in log files when URI cannot be parsed Moderate
CVE-2023-46255 was published for github.com/authzed/spicedb (Go) Oct 31, 2023
TimDiekmann
Duplicate Advisory: NATS.io: Adding accounts for just the system account adds auth bypass Moderate
GHSA-4frv-5fj6-4p25 was published for github.com/nats-io/nats-server/v2 (Go) Oct 30, 2023 withdrawn
/sys/devices/virtual/powercap accessible by default to containers Moderate
GHSA-jq35-85cj-fj4p was published for github.com/docker/docker (Go) Oct 30, 2023
zhangzhics garrisongys
neersighted gabriellavengeo AdallomRoy
Kube-proxy may unintentionally forward traffic Moderate
CVE-2021-25736 was published for k8s.io/kubernetes (Go) Oct 30, 2023
Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shell Moderate
CVE-2023-43651 was published for github.com/jumpserver/koko (Go) Oct 24, 2023
oskar-zeinomahmalat-sonarsource
ydb-go-sdk token in custom credentials object can leak through logs Moderate
CVE-2023-45825 was published for github.com/ydb-platform/ydb-go-sdk/v3 (Go) Oct 19, 2023
sumerki2020 se-foster
blinkov
Artifact Hub has Incorrect Docker Hub registry check Moderate
CVE-2023-45821 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
Arduino Create Agent path traversal - arbitrary file deletion vulnerability Moderate
CVE-2023-43803 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
Arduino Create Agent path traversal - arbitrary file deletion vulnerability Moderate
CVE-2023-43801 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
Traefik vulnerable to HTTP/2 request causing denial of service Moderate
GHSA-7v4p-328v-8v5g was published for github.com/traefik/traefik (Go) Oct 17, 2023
Google Sheets data source plugin for Grafana information disclosure vulnerability Moderate
CVE-2023-4457 was published for github.com/grafana/google-sheets-datasource (Go) Oct 16, 2023
Grafana privilege escalation vulnerability Moderate
CVE-2023-4822 was published for github.com/grafana/grafana (Go) Oct 16, 2023
ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting Moderate
CVE-2023-44399 was published for github.com/zitadel/zitadel (Go) Oct 10, 2023
hoseph livio-a
fforootd adlerhurst
Harbor timing attack risk Moderate
CVE-2023-20902 was published for github.com/goharbor/harbor (Go) Oct 10, 2023
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database