Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,613
NuGet
638
pip
3,210
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

882 advisories

Loading
CoreDNS may return invalid cache entries Moderate
CVE-2024-0874 was published for github.com/coredns/coredns (Go) Apr 25, 2024
Gouniverse GoLang CMS vulnerable to Cross-site Scripting Moderate
CVE-2024-8572 was published for github.com/gouniverse/cms (Go) Sep 8, 2024
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing Moderate
CVE-2024-21583 was published for github.com/gitpod-io/gitpod (Go) Jul 19, 2024
Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill Moderate
CVE-2024-8462 was published for github.com/windmill-labs/windmill (Go) Sep 5, 2024
Vault Leaks Client Token and Token Accessor in Audit Devices Moderate
CVE-2024-8365 was published for github.com/hashicorp/vault (Go) Sep 2, 2024
Calico privilege escalation vulnerability Moderate
CVE-2024-33522 was published for github.com/projectcalico/calico (Go) Apr 30, 2024
SQL Injection in the KubeClarity REST API Moderate
CVE-2024-39909 was published for github.com/openclarity/kubeclarity/backend (Go) Jul 12, 2024
b-abderrahmane
Kubean vulnerable to cluster-level privilege escalation Moderate
CVE-2024-41820 was published for github.com/kubean-io/kubean (Go) Aug 5, 2024
younaman
Ollama does not validate the format of the digest (sha256 with 64 hex digits) Moderate
CVE-2024-37032 was published for github.com/ollama/ollama (Go) May 31, 2024
lukas-braune
OCI image importer memory exhaustion in github.com/containerd/containerd Moderate
CVE-2023-25153 was published for github.com/containerd/containerd (Go) Feb 16, 2023
AdamKorcz DavidKorczynski
Gitea allowed assignment of private issues Moderate
CVE-2022-38183 was published for code.gitea.io/gitea (Go) Aug 13, 2022
Supplementary groups are not set up properly in github.com/containerd/containerd Moderate
CVE-2023-25173 was published for github.com/containerd/containerd (Go) Feb 16, 2023
Exposure of debug and metrics endpoints in Pomerium Moderate
CVE-2022-24797 was published for github.com/pomerium/pomerium (Go) Sep 6, 2024
gnark's Groth16 commitment extension unsound for more than one commitment Moderate
CVE-2024-45039 was published for github.com/consensys/gnark (Go) Sep 6, 2024
maltezellic ivokub
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property Moderate
CVE-2024-45040 was published for github.com/consensys/gnark (Go) Sep 6, 2024
maltezellic
The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD Moderate
CVE-2024-43803 was published for github.com/metal3-io/baremetal-operator (Go) Sep 3, 2024
CometBFT's state syncing validator from malicious node may lead to a chain split Moderate
GHSA-g5xx-c4hv-9ccc was published for github.com/cometbft/cometbft/light (Go) Sep 3, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability Moderate
CVE-2024-45043 was published for github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver (Go) Aug 29, 2024
DouglasHeriot Aneurysm9
arminru
CWA-2023-004: Excessive number of function parameters in compiled Wasm Moderate
GHSA-75qh-gg76-p2w4 was published for cosmwasm-vm (Go) Aug 27, 2024
snapd failed to properly check the destination of symbolic links when extracting a snap Moderate
CVE-2024-29069 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
snapd failed to properly check the file type when extracting a snap Moderate
CVE-2024-29068 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window Moderate
CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024
Mattermost doesn't restrict which roles can promote a user as system admin Moderate
CVE-2024-8071 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost Cross-Site Request Forgery vulnerability Moderate
CVE-2024-40886 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost allows remote/synthetic users to create sessions, reset passwords Moderate
CVE-2024-39836 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
ProTip! Advisories are also available from the GraphQL API