GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Go ecosystem, GitHub reviewed: 1,915 advisories
Improper Input Validation in Buildah and Podman (Moderate). CVE-2024-9407 was published for github.com/containers/buildah (Go) on Oct 1, 2024.

Link Following in github.com/containers/common (Moderate). CVE-2024-9341 was published for github.com/containers/common (Go) on Oct 1, 2024.

Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability (High). CVE-2024-9355 was published for github.com/golang-fips/openssl/v2 (Go) on Oct 1, 2024.

Incorrect delegation lookups can make go-tuf download the wrong artifact (High). CVE-2024-47534 was published for github.com/theupdateframework/go-tuf/v2 (Go) on Oct 1, 2024.

Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default (High). CVE-2024-7594 was published for github.com/hashicorp/vault (Go) on Sep 26, 2024.

Rancher agents can be hijacked by taking over the Rancher Server URL (High). CVE-2024-22030 was published for github.com/rancher/rancher (Go) on Sep 26, 2024.

Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials (Moderate). CVE-2024-45042 was published for github.com/ory/kratos (Go) on Sep 26, 2024.

Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events (Moderate). CVE-2024-47003 was published for github.com/mattermost/mattermost/server/v8 (Go) on Sep 26, 2024.

Grafana Alloy on Windows has Unquoted Search Path or Element vulnerability (Moderate). CVE-2024-8975 was published for github.com/grafana/alloy (Go) on Sep 25, 2024.

Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability (Moderate). CVE-2024-8996 was published for github.com/grafana/agent (Go) on Sep 25, 2024.

Apache Answer: Avatar URL leaked user email addresses (Moderate). CVE-2024-40761 was published for github.com/apache/incubator-answer (Go) on Sep 25, 2024.

Mellium allows Authentication Bypass by Spoofing (Critical). CVE-2024-46957 was published for mellium.im/xmpp (Go) on Sep 25, 2024.

Navidrome has Multiple SQL Injections and ORM Leak (Critical). CVE-2024-47062 was published for github.com/navidrome/navidrome (Go) on Sep 20, 2024.

ZITADEL Allows Unauthorized Access After Organization or Project Deactivation (Moderate). CVE-2024-47060 was published for github.com/zitadel/zitadel/v2 (Go) on Sep 19, 2024.

ZITADEL's Service Users Deactivation not Working (High). CVE-2024-47000 was published for github.com/zitadel/zitadel/v2 (Go) on Sep 19, 2024.

ZITADEL's User Grant Deactivation not Working (High). CVE-2024-46999 was published for github.com/zitadel/zitadel/v2 (Go) on Sep 19, 2024.

HTTP client can manipulate custom HTTP headers that are added by Traefik (Critical). CVE-2024-45410 was published for github.com/traefik/traefik (Go) on Sep 19, 2024.
Dragonfly2 has hard coded cryptographic key (Critical). CVE-2023-27584 was published for d7y.io/dragonfly/v2 (Go) on Sep 19, 2024.
Grafana plugin SDK Information Leakage (Critical). CVE-2024-8986 was published for github.com/grafana/grafana-plugin-sdk-go (Go) on Sep 19, 2024.

CoreDNS Cache Poisoning via a birthday attack (Low). CVE-2023-30464 was published for github.com/coredns/coredns (Go) on Sep 18, 2024.

Chaosblade vulnerable to OS command execution (Critical). CVE-2023-47105 was published for github.com/chaosblade-io/chaosblade (Go) on Sep 18, 2024.

SpiceDB having multiple caveats on resources of the same type may improperly result in no permission (Low). CVE-2024-46989 was published for github.com/authzed/spicedb (Go) on Sep 18, 2024.

CoreDNS vulnerable to TuDoor Attacks (High). CVE-2023-28452 was published for github.com/coredns/coredns (Go) on Sep 18, 2024.

OpenShift Controller Manager Improper Privilege Management (Critical). CVE-2024-45496 was published for github.com/openshift/openshift-controller-manager (Go) on Sep 17, 2024.

OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer (Critical). CVE-2024-7387 was published for github.com/openshift/builder (Go) on Sep 17, 2024.
Advisories are also available from the GraphQL API.