Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,134 advisories

Loading
OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal Moderate
CVE-2025-5981 was published for github.com/google/osv-scalibr (Go) Jun 18, 2025
Malayke
Denial of service via malicious preflight requests in github.com/rs/cors Moderate
CVE-2025-47908 was published for github.com/rs/cors (Go) Jul 5, 2024
HashiCorp Vault ldap auth method may not have correctly enforced MFA Moderate
CVE-2025-6013 was published for github.com/hashicorp/vault (Go) Aug 6, 2025
filebrowser Sets Insecure File Permissions Moderate
CVE-2025-52900 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig hacdias
Grafana Infinity Datasource Plugin SSRF Vulnerability Moderate
CVE-2025-8341 was published for github.com/grafana/grafana-infinity-datasource (Go) Aug 4, 2025
File Browser vulnerable to insecure password handling Moderate
CVE-2025-52997 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
File Browser allows sensitive data to be transferred in URL Moderate
CVE-2025-52901 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
Hashicorp Vault has Incorrect Validation for Non-CA Certificates Moderate
CVE-2025-6037 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability Moderate
CVE-2025-6015 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse Moderate
CVE-2025-6014 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
Hashicorp Vault has Lockout Feature Authentication Bypass Moderate
CVE-2025-6004 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
ActiveMQ Artemis AMQ Broker Operator Starting Credentials Reuse Moderate
CVE-2025-4057 was published for github.com/arkmq-org/activemq-artemis-operator (Go) May 26, 2025
Gogs XSS allowed by stored call in PDF renderer Moderate
CVE-2025-47943 was published for github.com/gogs/gogs (Go) Jun 26, 2025
edoardottt
OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0 Moderate
CVE-2021-21411 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Jul 30, 2025
bohrasd
OpenBao Inserts Sensitive Information into Log File when processing malformed data Moderate
CVE-2025-52893 was published for github.com/openbao/openbao/sdk/v2 (Go) Jun 26, 2025
cipherboy
Possible ORM Leak Vulnerability in the Harbor Moderate
CVE-2025-30086 was published for github.com/goharbor/harbor (Go) Jul 23, 2025
Mattermost vulnerable to information disclosure Moderate
CVE-2023-1777 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Mattermost Server Missing Authorization vulnerability Moderate
CVE-2023-2783 was published for github.com/mattermost/mattermost-server/v6 (Go) Jun 16, 2023
Harbor repository description page has Cross-site Scripting vulnerability Moderate
CVE-2025-32019 was published for github.com/goharbor/harbor (Go) Jul 23, 2025
Safearchive Path Traversal vulnerability Moderate
CVE-2024-10389 was published for github.com/google/safearchive (Go) Nov 4, 2024
Ollama vulnerable to Cross-Domain Token Exposure Moderate
CVE-2025-51471 was published for github.com/ollama/ollama (Go) Jul 22, 2025
Grafana's insecure DingDing Alert integration exposes sensitive information Moderate
CVE-2025-3415 was published for github.com/grafana/grafana (Go) Jul 17, 2025
Mattermost password hash disclosure vulnerability Moderate
CVE-2023-5968 was published for github.com/mattermost/mattermost-server (Go) Nov 6, 2023
MarkLee131
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie localden
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database