Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,493 advisories

Loading
CWA-2023-004: Excessive number of function parameters in compiled Wasm Moderate
GHSA-75qh-gg76-p2w4 was published for cosmwasm-vm (Go) Aug 27, 2024
age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution Moderate
GHSA-32gq-x56h-299c was published for filippo.io/age (Go) Dec 18, 2024
Improper Input Validation in Buildah and Podman Moderate
CVE-2024-9407 was published for github.com/containers/buildah (Go) Oct 1, 2024
Hashicorp Nomad Incorrect Privilege Assignment vulnerability Moderate
CVE-2024-12678 was published for github.com/hashicorp/nomad (Go) Dec 20, 2024
OpenShift Must Gather Operator Improper Input Validation vulnerability High
CVE-2024-25131 was published for github.com/openshift/must-gather (Go) Dec 19, 2024
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service High
GHSA-5pf6-cq2v-23ww was published for github.com/clidey/whodb/core (Go) Dec 19, 2024
thevilledev
Beego has Collision Hazards of MD5 in Cache Key Filenames Moderate
CVE-2024-55885 was published for github.com/beego/beego (Go) Dec 12, 2024
kexinoh
Mattermost Server Resource Exhaustion Low
CVE-2024-28053 was published for github.com/mattermost/mattermost-server (Go) Mar 15, 2024
Unencrypted traffic between pods when using Wireguard and an external kvstore Moderate
CVE-2024-25631 was published for github.com/cilium/cilium (Go) Feb 20, 2024
gandro giorio94
Unencrypted ingress/health traffic when using Wireguard transparent encryption Moderate
CVE-2024-25630 was published for github.com/cilium/cilium (Go) Feb 20, 2024
gandro giorio94
Open Cluster Management vulnerable to Trust Boundary Violation High
CVE-2024-9779 was published for open-cluster-management.io/ocm (Go) Dec 18, 2024
Traefik affected by CVE-2024-53259 Moderate
GHSA-hxr6-2p24-hf98 was published for github.com/traefik/traefik/v2 (Go) Dec 17, 2024
Mattermost Improper Validation of Specified Type of Input vulnerability Moderate
CVE-2024-54083 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 16, 2024
Mattermost Race Condition vulnerability Moderate
CVE-2024-48872 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 16, 2024
Mattermost Data Amplification vulnerability Moderate
CVE-2024-54682 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 16, 2024
Vitess allows HTML injection in /debug/querylogz & /debug/env Moderate
CVE-2024-53257 was published for vitess.io/vitess (Go) Dec 3, 2024
quinox
Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy High
GHSA-7prj-hgx4-2xc3 was published for github.com/ryanbekhen/nanoproxy (Go) Dec 12, 2024
Kubernetes kubelet arbitrary command execution High
CVE-2024-10220 was published for k8s.io/kubernetes (Go) Nov 22, 2024
Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service Moderate
CVE-2024-12289 was published for github.com/hashicorp/boundary (Go) Dec 13, 2024
Mattermost Server Improper Access Control Moderate
CVE-2024-29221 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
Mattermost Server Improper Access Control Low
CVE-2024-21848 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
Mattermost fails to limit the number of role names Moderate
CVE-2024-1953 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost race condition Low
CVE-2024-1949 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost Server doesn't limit the number of user preferences Moderate
CVE-2024-28949 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
pgx SQL Injection via Protocol Message Size Overflow High
CVE-2024-27304 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database