Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,134 advisories

Loading
Mattermost Fails to Restrict Command Execution in Archived Channels Moderate
CVE-2025-25274 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 21, 2025
Mattermost Fails to Enforce Certain Search APIs Moderate
CVE-2025-30179 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 21, 2025
Mattermost allows members with permission to convert public channels to private and convert private to public Moderate
CVE-2025-27933 was published for github.com/mattermost/mattermost-server (Go) Mar 21, 2025
Envoy crashes when HTTP ext_proc processes local replies Moderate
CVE-2025-30157 was published for github.com/envoyproxy/envoy (Go) Mar 21, 2025
botengyao yanjunxiang-google
phlax
Kyverno ignores subjectRegExp and IssuerRegExp Moderate
CVE-2025-29778 was published for github.com/kyverno/kyverno (Go) Mar 24, 2025
frgt10cs
ingress-nginx controller - auth secret file path traversal vulnerability Moderate
CVE-2025-24513 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Moderate
GHSA-j95m-rcjp-q69h was published for github.com/jaredallard/archives (Go) Mar 28, 2025
ccojocar
go.rgst.io/stencil/v2 vulnerable to Path Traversal Moderate
GHSA-p799-q2pr-6mxj was published for go.rgst.io/stencil/v2 (Go) Mar 29, 2025
Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times Moderate
CVE-2025-31135 was published for github.com/phires/go-guerrilla (Go) Apr 1, 2025
Zenexer
Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler Moderate
CVE-2023-27592 was published for miniflux.app/v2 (Go) Apr 2, 2025
fguillot 40826d
Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration Moderate
CVE-2025-31483 was published for miniflux.app/v2 (Go) Apr 4, 2025
Ry0taK takumi-san-ai
bep/imagemeta allows excessively large EXIF data structures Moderate
CVE-2025-32024 was published for github.com/bep/imagemeta (Go) Apr 9, 2025
jupenur
bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing Moderate
CVE-2025-32025 was published for github.com/bep/imagemeta (Go) Apr 9, 2025
jupenur
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination Moderate
CVE-2025-32386 was published for helm.sh/helm/v3 (Go) Apr 10, 2025
jake-ciolek
Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow Moderate
CVE-2025-32387 was published for helm.sh/helm/v3 (Go) Apr 10, 2025
jake-ciolek
CVE-2025-1386- Query smuggling in ch-go library Moderate
CVE-2025-1386 was published for github.com/ClickHouse/ch-go (Go) Apr 12, 2025
Mattermost Fails to Restrict Certain Operations on System Admins Moderate
CVE-2025-32093 was published for github.com/mattermost/mattermost-server (Go) Apr 14, 2025
gorilla/csrf CSRF vulnerability due to broken Referer validation Moderate
CVE-2025-24358 was published for github.com/gorilla/csrf (Go) Apr 14, 2025
patrickod
Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm Moderate
CVE-2025-2475 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 14, 2025
kbsteere
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-27571 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
kbsteere
Mattermost vulnerable to Observable Timing Discrepancy Moderate
CVE-2025-27936 was published for github.com/mattermost/mattermost-plugin-msteams (Go) Apr 16, 2025
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-2564 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
golang.org/x/net vulnerable to Cross-site Scripting Moderate
CVE-2025-22872 was published for golang.org/x/net (Go) Apr 16, 2025
one-api Cross-site Scripting vulnerability Moderate
CVE-2025-3801 was published for github.com/songquanpeng/one-api (Go) Apr 19, 2025
GoBGP does not properly check the input length Moderate
CVE-2025-43970 was published for github.com/osrg/gobgp (Go) Apr 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database