Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,493 advisories

Loading
Mattermost Incorrect Type Conversion or Cast Moderate
CVE-2025-21088 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 15, 2025
Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation Moderate
CVE-2024-52594 was published for github.com/matrix-org/gomatrixserverlib (Go) Jan 16, 2025
matrix-media-repo (MMR) allows denial of service/high operating costs through unauthenticated downloads Moderate
CVE-2024-36403 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
Mattermost fails to properly validate post props Moderate
CVE-2025-20086 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 15, 2025
Mattermost webapp crash via a crafted post Moderate
CVE-2025-20621 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 16, 2025
http-swagger XSS via PUT requests Moderate
CVE-2024-25712 was published for github.com/swaggo/http-swagger (Go) Feb 29, 2024
CVE-2024-5138: snapd snapctl auth bypass Moderate
CVE-2024-5138 was published for github.com/snapcore/snapd (Go) Jan 16, 2025
rmcnamara-snyk
Duplicate Advisory: CVE-2024-5138: snapd snapctl auth bypass High
GHSA-jrr7-64m9-x984 was published for github.com/snapcore/snapd (Go) May 31, 2024 withdrawn
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-22449 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 9, 2025
stevebeattie
Navidrome Stores JWT Secret in Plaintext in navidrome.db High
CVE-2024-56362 was published for github.com/navidrome/navidrome (Go) Dec 23, 2024
saisathvik1
OpenFGA Authorization Bypass Moderate
CVE-2024-56323 was published for github.com/openfga/openfga (Go) Jan 13, 2025
miparnisari
notation-go has an OS error when setting CRL cache leads to denial of signature verification Low
CVE-2024-51491 was published for github.com/notaryproject/notation-go (Go) Jan 13, 2025
Faeris95 JeyJeyGao
shizhMSFT
notation-go's timestamp signature generation lacks certificate revocation check Moderate
CVE-2024-56138 was published for github.com/notaryproject/notation-go (Go) Jan 13, 2025
Faeris95
Signature validation bypass in github.com/moov-io/signedxml Critical
CVE-2023-34205 was published for github.com/moov-io/signedxml (Go) May 30, 2023
Mattermost denial of service through long emoji value Moderate
CVE-2024-24988 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost leaks details of AD/LDAP groups of a teams Moderate
CVE-2024-23493 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability Moderate
CVE-2024-10006 was published for github.com/hashicorp/consul (Go) Oct 31, 2024
Hashicorp Consul Path Traversal vulnerability High
CVE-2024-10005 was published for github.com/hashicorp/consul (Go) Oct 31, 2024
Hashicorp Consul Cross-site Scripting vulnerability Moderate
CVE-2024-10086 was published for github.com/hashicorp/consul (Go) Oct 31, 2024
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh Low
CVE-2025-22149 was published for github.com/MicahParks/jwkset (Go) Jan 9, 2025
rohitkoul
Unencrypted traffic between nodes when using WireGuard and L7 policies Moderate
CVE-2024-28250 was published for github.com/cilium/cilium (Go) Mar 18, 2024
giorio94 brb
jschwinger233
Unencrypted traffic between nodes when using IPsec and L7 policies Moderate
CVE-2024-28249 was published for github.com/cilium/cilium (Go) Mar 18, 2024
giorio94 jschwinger233
julianwiedmann
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss Critical
CVE-2024-21652 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 pasha-codefresh
jannfis crenshaw-dev todaywasawesome
Mattermost has Improper Check for Unusual or Exceptional Conditions Low
CVE-2025-22445 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 9, 2025
Mattermost Improper Validation of Specified Type of Input vulnerability Moderate
CVE-2025-20033 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database