Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,504 advisories

Loading
Grafana vulnerable to authenticated users bypassing dashboard, folder permissions High
CVE-2025-3260 was published for github.com/grafana/grafana (Go) Jun 2, 2025
kro Confused Deputy vulnerability Moderate
CVE-2025-48710 was published for github.com/kro-run/kro (Go) Jun 4, 2025
Grafana's datasource proxy API allows authorization checks to be bypassed Moderate
CVE-2025-3454 was published for github.com/grafana/grafana (Go) Jun 2, 2025
Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification High
CVE-2022-2989 was published for github.com/containers/podman/v3 (Go) Sep 14, 2022
SiYuan has an arbitrary file read via /api/template/render High
CVE-2024-55657 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SiYuan has an arbitrary file read and path traversal via /api/export/exportResources High
CVE-2024-55658 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SpiceDB checks involving relations with caveats can result in no permission when permission is expected Low
CVE-2025-49011 was published for github.com/authzed/spicedb (Go) Jun 6, 2025
miparnisari
Argo CD does not scrub secret values from patch errors Moderate
CVE-2025-23216 was published for github.com/argoproj/argo-cd (Go) Jan 30, 2025
svghadi
Authorino Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-25207 was published for github.com/kuadrant/authorino (Go) Jun 9, 2025
Authorino Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-25208 was published for github.com/kuadrant/authorino (Go) Jun 9, 2025
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user Critical
CVE-2025-49136 was published for github.com/knadh/listmonk (Go) Jun 9, 2025
nakkouchtarek
CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification High
CVE-2025-47950 was published for github.com/coredns/coredns (Go) Jun 6, 2025
thevilledev dfunkt
Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS) High
CVE-2025-49140 was published for github.com/pion/interceptor (Go) Jun 9, 2025
JoeTurki kmansoft
3DRX
CWA-2025-006: wasmd's improper error handling may lead to IBC channel opening despite error High
GHSA-79xg-q4qm-7v9w was published for github.com/CosmWasm/wasmd (Go) Jun 11, 2025
Mattermost allows authenticated administrator to execute LDAP search filter injection Moderate
CVE-2025-4573 was published for github.com/mattermost/mattermost-server (Go) Jun 11, 2025
Mattermost allows guest users to view information about public teams they are not members of Low
CVE-2025-4128 was published for github.com/mattermost/mattermost-server (Go) Jun 11, 2025
OpenShift Console Server Side Request Forgery vulnerability Moderate
CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024
pgx SQL Injection via Line Comment Creation High
CVE-2024-27289 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource
OpenFGA Authorization Bypass Moderate
CVE-2025-48371 was published for github.com/openfga/openfga (Go) May 23, 2025
udyvish
Argo CD GitOps Engine does not scrub secret values from patch errors Moderate
GHSA-274v-mgcv-cm8j was published for github.com/argoproj/gitops-engine (Go) Jan 30, 2025
svghadi kbsteere
xnox
New authd users logging in via SSH are members of the root group Moderate
CVE-2025-5689 was published for github.com/ubuntu/authd (Go) Jun 16, 2025
Teleport allows remote authentication bypass Critical
CVE-2025-49825 was published for github.com/gravitational/teleport (Go) Jun 16, 2025
Grafana long dashboard title or panel name causes unresponsives Low
CVE-2025-1088 was published for github.com/grafana/grafana (Go) Jun 18, 2025
Withdrawn Advisory: Helm shows secrets in clear text Moderate
CVE-2019-25210 was published for helm.sh/helm/v3 (Go) Mar 3, 2024 withdrawn
oscerd
Velociraptor vulnerable to privilege escalation via UpdateConfig artifact Moderate
CVE-2025-6264 was published for www.velocidex.com/golang/velociraptor (Go) Jun 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database