Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,134 advisories

Loading
New authd users logging in via SSH are members of the root group Moderate
CVE-2025-5689 was published for github.com/ubuntu/authd (Go) Jun 16, 2025
Argo CD GitOps Engine does not scrub secret values from patch errors Moderate
GHSA-274v-mgcv-cm8j was published for github.com/argoproj/gitops-engine (Go) Jan 30, 2025
svghadi kbsteere
xnox
OpenFGA Authorization Bypass Moderate
CVE-2025-48371 was published for github.com/openfga/openfga (Go) May 23, 2025
udyvish
OpenShift Console Server Side Request Forgery vulnerability Moderate
CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024
Mattermost allows authenticated administrator to execute LDAP search filter injection Moderate
CVE-2025-4573 was published for github.com/mattermost/mattermost-server (Go) Jun 11, 2025
Authorino Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-25208 was published for github.com/kuadrant/authorino (Go) Jun 9, 2025
Authorino Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-25207 was published for github.com/kuadrant/authorino (Go) Jun 9, 2025
Argo CD does not scrub secret values from patch errors Moderate
CVE-2025-23216 was published for github.com/argoproj/argo-cd (Go) Jan 30, 2025
svghadi
Grafana's datasource proxy API allows authorization checks to be bypassed Moderate
CVE-2025-3454 was published for github.com/grafana/grafana (Go) Jun 2, 2025
kro Confused Deputy vulnerability Moderate
CVE-2025-48710 was published for github.com/kro-run/kro (Go) Jun 4, 2025
Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server Moderate
CVE-2025-48938 was published for github.com/cli/go-gh/v2 (Go) May 30, 2025
andyfeller BagToad
babakks matt- shilpakum vcsjones
Users with `create` but not `override` privileges can perform local sync Moderate
CVE-2023-50726 was published for github.com/argoproj/argo-cd (Go) Mar 15, 2024
crenshaw-dev
Mattermost fails to properly invalidate personal access tokens upon user deactivation Moderate
CVE-2025-3230 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to clear Google OAuth credentials Moderate
CVE-2025-2571 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost improperly allows team administrators to modify team invites Moderate
CVE-2025-3913 was published for github.com/mattermost/mattermost/server/v8 (Go) May 29, 2025
zot logs secrets Moderate
CVE-2025-48374 was published for zotregistry.dev/zot (Go) May 22, 2025
lgtm-dude
containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods. Moderate
CVE-2025-47291 was published for github.com/containerd/containerd/v2 (Go) May 21, 2025
rata rogowski-piotr
Insufficient input sanitization in ejson2env Moderate
CVE-2025-48069 was published for ejson2env (RubyGems) May 21, 2025
thepwagner alexhope61
rj-coleman Owen-Cummings
Rancher's SAML-based login via CLI can be denied by unauthenticated users Moderate
CVE-2025-23387 was published for github.com/rancher/rancher (Go) Feb 27, 2025
AnonySE26
containerd has an integer overflow in User ID handling Moderate
CVE-2024-40635 was published for github.com/containerd/containerd (Go) Mar 17, 2025
p4ck3t0 emxll
Character injection in Hubble CLI Moderate
CVE-2025-48056 was published for github.com/cilium/hubble (Go) May 21, 2025
devodev bipierce-cisco
Bytebase allows low-privilege users to view admin projects Moderate
CVE-2022-32170 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022
Nomad Panics On Job Submission With Bad Artifact Stanza Source URL Moderate
CVE-2022-41606 was published for github.com/hashicorp/nomad (Go) Oct 12, 2022
Linkerd resource exhaustion vulnerability Moderate
CVE-2025-43915 was published for github.com/linkerd/linkerd2 (Go) May 5, 2025
ericd
golang.org/x/net vulnerable to Cross-site Scripting Moderate
CVE-2025-22872 was published for golang.org/x/net (Go) Apr 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database