GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
141 advisories
Filter by severity
github.com/bincyber/go-sqlcrypter vulnerable to IV collision
Low
GHSA-2j6r-9vv4-6gf5
was published
for
github.com/bincyber/go-sqlcrypter
(Go)
May 20, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources
Low
CVE-2022-21673
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
containerd started with non-empty inheritable Linux process capabilities
Low
GHSA-c9cp-9c75-9v8c
was published
for
github.com/containerd/containerd
(Go)
May 14, 2024
NATS server TLS missing ciphersuite settings when CLI flags used
Low
CVE-2021-32026
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 14, 2024
sshproxy vulnerable to SSH option injection
Low
CVE-2024-34713
was published
for
github.com/cea-hpc/sshproxy
(Go)
May 14, 2024
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Low
CVE-2024-34079
was published
for
github.com/octo-sts/app
(Go)
May 13, 2024
Mattermost allows team admins to promote guests to team admins
Low
CVE-2024-4195
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Mattermost fails to fully validate role changes
Low
CVE-2024-4198
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Mattermost fails to limit the size of a request path
Low
CVE-2024-22091
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Low
CVE-2024-3177
was published
for
k8s.io/kubernetes
(Go)
Apr 23, 2024
Authelia's Group Changes may not have the expected results (YAML file backend)
Low
GHSA-x883-2vmg-xwf7
was published
for
github.com/authelia/authelia/v4
(Go)
Apr 22, 2024
1Panel's password verification is suspected to have a timing attack vulnerability
Low
CVE-2024-30257
was published
for
github.com/1Panel-dev/1Panel
(Go)
Apr 18, 2024
SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used
Low
CVE-2024-32001
was published
for
github.com/authzed/spicedb
(Go)
Apr 10, 2024
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Low
GHSA-j5vm-7qcc-2wwg
was published
for
github.com/kopia/kopia
(Go)
Apr 10, 2024
Mattermost Server Improper Access Control
Low
CVE-2024-21848
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
Mattermost Server Resource Exhaustion
Low
CVE-2024-28053
was published
for
github.com/mattermost/mattermost-server
(Go)
Mar 15, 2024
Mattermost race condition
Low
CVE-2024-1949
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost incorrectly allows access individual posts
Low
CVE-2024-1952
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost fails to properly restrict the access of files attached to posts
Low
CVE-2024-23488
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
ASA-2024-004: Default configuration param for Evidence may limit window of validity
Low
GHSA-555p-m4v6-cqxv
was published
for
github.com/cometbft/cometbft
(Go)
Feb 28, 2024
ASA-2024-005: Potential slashing evasion during re-delegation
Low
GHSA-86h5-xcpx-cfqc
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Feb 27, 2024
Mattermost fails to check the required permissions
Low
CVE-2024-24776
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 9, 2024
Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery
Low
CVE-2024-23319
was published
for
github.com/mattermost/mattermost-plugin-jira
(Go)
Feb 9, 2024
Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only
Low
GHSA-vjg6-93fv-qv64
was published
for
go.etcd.io/etcd/v3
(Go)
Feb 3, 2024
Etcd embed auto compaction retention negative value causing a compaction loop or a crash
Low
GHSA-pm3m-32r3-7mfh
was published
for
go.etcd.io/etcd/v3
(Go)
Feb 3, 2024
ProTip!
Advisories are also available from the
GraphQL API