Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,517 advisories

Loading
Ollama Allows Out-of-Bounds Read High
CVE-2024-12055 was published for github.com/ollama/ollama (Go) Mar 20, 2025
PipeCD Vulnerable to Privilege Escalation High
CVE-2024-53351 was published for github.com/pipe-cd/pipecd (Go) Mar 21, 2025
Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers Low
CVE-2025-30162 was published for github.com/cilium/cilium (Go) Mar 24, 2025
pjablonski123
Cilium node based network policies may incorrectly allow workload traffic Low
CVE-2025-30163 was published for Ciliumgithub.com/cilium/cilium (Go) Mar 24, 2025
oblazek
ingress-nginx controller - configuration injection via unsanitized mirror annotations High
CVE-2025-1098 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation High
CVE-2025-1097 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
ingress-nginx controller - configuration injection via unsanitized auth-url annotation High
CVE-2025-24514 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
ingress-nginx controller - auth secret file path traversal vulnerability Moderate
CVE-2025-24513 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
ingress-nginx admission controller RCE escalation Critical
CVE-2025-1974 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
Ollama DNS rebinding vulnerability High
CVE-2024-28224 was published for github.com/ollama/ollama (Go) Apr 8, 2024
Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD Moderate
CVE-2025-29781 was published for github.com/metal3-io/baremetal-operator/apis (Go) Mar 17, 2025
WHALEEYE debuggerchen
Mattermost Fails to Restrict Command Execution in Archived Channels Moderate
CVE-2025-25274 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 21, 2025
containerd allows RAPL to be accessible to a container Moderate
GHSA-7ww5-4wqc-m92c was published for github.com/containerd/containerd (Go) Dec 19, 2023
zhangzhics garrisongys
neersighted
Nethermind Juno Potential Denial of Service (DoS) via Integer Overflow High
CVE-2025-29072 was published for github.com/NethermindEth/juno (Go) Mar 27, 2025
Ollama Denial of Service (DoS) via Null Pointer Dereference High
CVE-2025-0312 was published for github.com/ollama/ollama (Go) Mar 20, 2025
go.rgst.io/stencil/v2 vulnerable to Path Traversal Moderate
GHSA-p799-q2pr-6mxj was published for go.rgst.io/stencil/v2 (Go) Mar 29, 2025
github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Moderate
GHSA-j95m-rcjp-q69h was published for github.com/jaredallard/archives (Go) Mar 28, 2025
ccojocar
rttys SQL Injection vulnerability High
CVE-2022-38867 was published for github.com/zhaojh329/rttys (Go) Feb 16, 2023
Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times Moderate
CVE-2025-31135 was published for github.com/phires/go-guerrilla (Go) Apr 1, 2025
Zenexer
Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics High
CVE-2023-27591 was published for miniflux.app (Go) Apr 2, 2025
40826d fguillot
Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler Moderate
CVE-2023-27592 was published for miniflux.app/v2 (Go) Apr 2, 2025
fguillot 40826d
LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality Moderate
CVE-2024-9900 was published for github.com/mudler/LocalAI (Go) Mar 20, 2025
Velociraptor vulnerable to Missing Authorization High
CVE-2023-0242 was published for www.velocidex.com/golang/velociraptor (Go) Jan 18, 2023
MinIO performs incomplete signature validation for unsigned-trailer uploads High
CVE-2025-31489 was published for github.com/minio/minio (Go) Apr 4, 2025
owainkenwayucl AndEsterson
harshavardhana
Moby Race Condition vulnerability High
CVE-2024-36623 was published for github.com/moby/moby (Go) Nov 29, 2024
kbsteere
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database