GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,134 advisories

ginuerzh/gost vulnerable to Timing Attack Moderate
CVE-2023-32691 was published for github.com/ginuerzh/gost (Go) May 22, 2023
Potential Denial-of-Service condition leading to temporary disability in IBC transfers to the native chain Moderate
GHSA-6fgm-x6ff-w78f was published for github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4 (Go) Feb 12, 2025
Envoy Gateway Log Injection Vulnerability Moderate
CVE-2025-25294 was published for github.com/envoyproxy/gateway (Go) Mar 6, 2025
denniskniep zirain
guydc
In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim Moderate
CVE-2025-27155 was published for github.com/matrix-org/pinecone (Go) Mar 4, 2025
Treanglex
Duplicate Advisory: Plenti - Code Injection - Denial of Services Moderate
GHSA-323w-6p85-26fr was published for github.com/plentico/plenti (Go) Mar 12, 2025 withdrawn
Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API Moderate
CVE-2024-9042 was published for k8s.io/kubernetes (Go) Mar 13, 2025
Apache Answer: The link for resetting user password is not Single-Use Moderate
CVE-2024-41888 was published for github.com/apache/incubator-answer (Go) Aug 12, 2024
Apache Answer: The link to reset the user's password will remain valid after sending a new link Moderate
CVE-2024-41890 was published for github.com/apache/incubator-answer (Go) Aug 12, 2024
Kubernetes GitRepo Volume Inadvertent Local Repository Access Moderate
CVE-2025-1767 was published for k8s.io/kubernetes (Go) Mar 13, 2025
LF Edge eKuiper allows Stored XSS in Rules Functionality Moderate
CVE-2024-52812 was published for github.com/lf-edge/ekuiper (Go) Mar 10, 2025
TheMostKnown ngjaying
Plenti - Code Injection - Denial of Services Moderate
CVE-2025-26260 was published for github.com/plentico/plenti (Go) Feb 5, 2025
ahmetak4n
Nomad is vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs Moderate
CVE-2025-1296 was published for github.com/hashicorp/nomad (Go) Mar 10, 2025
onos-lib-go allows an index out-of-range panic Moderate
CVE-2025-30077 was published for github.com/onosproject/onos-lib-go (Go) Mar 16, 2025
Go Ethereum vulnerable to DoS via malicious p2p message Moderate
CVE-2025-24883 was published for github.com/ethereum/go-ethereum (Go) Jan 30, 2025
iam-ned
buildx allows a possible credential leakage to telemetry endpoint Moderate
CVE-2025-0495 was published for github.com/docker/buildx (Go) Mar 17, 2025
jstawinski
Mattermost Fails to Properly Perform Viewer Role Authorization Moderate
CVE-2025-1472 was published for github.com/mattermost/mattermost-server (Go) Mar 19, 2025
OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2024-25132 was published for github.com/openshift/hive (Go) Mar 19, 2025
OpenShift Console Has a Path Traversal Vulnerability Moderate
CVE-2024-7631 was published for github.com/openshift/console (Go) Mar 19, 2025
OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME` Moderate
CVE-2025-29914 was published for github.com/corazawaf/coraza/v3 (Go) Mar 20, 2025
blotus
Envoy crashes when HTTP ext_proc processes local replies Moderate
CVE-2025-30157 was published for github.com/envoyproxy/envoy (Go) Mar 21, 2025
botengyao yanjunxiang-google
phlax
Mattermost Fails to Restrict Bookmark Creation and Updates in Archived Channels Moderate
CVE-2025-24920 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 21, 2025
Mattermost Fails to Enforce Certain Search APIs Moderate
CVE-2025-30179 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 21, 2025
Mattermost allows members with permission to convert public channels to private and convert private to public Moderate
CVE-2025-27933 was published for github.com/mattermost/mattermost-server (Go) Mar 21, 2025
ingress-nginx controller - auth secret file path traversal vulnerability Moderate
CVE-2025-24513 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD Moderate
CVE-2025-29781 was published for github.com/metal3-io/baremetal-operator/apis (Go) Mar 17, 2025
WHALEEYE debuggerchen