Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,335
Erlang
31
GitHub Actions
22
Go
2,096
Maven
5,000+
npm
3,762
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

69 advisories

Loading
containerd environment variable leak Moderate
CVE-2021-21334 was published for github.com/containerd/containerd (Go) Jan 31, 2024
Enumeration of users in HashiCorp Vault Moderate
CVE-2020-35177 was published for github.com/hashicorp/vault (Go) Jan 31, 2024
Grafana Arbitrary File Read Moderate
CVE-2019-19499 was published for github.com/grafana/grafana (Go) Jan 31, 2024
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-44312 was published for github.com/apache/servicecomb-service-center (Go) Jan 31, 2024
CubeFS leaks magic secret key when starting Blobstore access service Moderate
CVE-2023-46741 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
Mattermost notified all users in the channel when using WebSockets to respond individually Moderate
CVE-2023-48732 was published for github.com/mattermost/mattermost-server/v6 (Go) Jan 2, 2024
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-6459 was published for github.com/mattermost/mattermost-server/v6 (Go) Dec 6, 2023
github.com/go-resty/resty/v2 HTTP request body disclosure Moderate
CVE-2023-45286 was published for github.com/go-resty/resty/v2 (Go) Nov 28, 2023
shanduur Kryvchun
billinghamj deerbone neilgierman hansmi
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-45223 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-43754 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name Moderate
CVE-2023-46254 was published for github.com/projectcapsule/capsule (Go) Nov 7, 2023
mtheeren-asml prometherion
Mattermost password hash disclosure vulnerability Moderate
CVE-2023-5968 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 6, 2023
MarkLee131
Cros secrets may be disclosed to untrusted relay Moderate
CVE-2023-43617 was published for github.com/schollz/croc/v9 (Go) Sep 20, 2023
schollz
Mattermost fails to sanitize post metadata Moderate
CVE-2023-4108 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
KubePi may leak password hash of any user Moderate
CVE-2023-37916 was published for github.com/KubeOperator/kubepi (Go) Jul 21, 2023
ch1nhpd
Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited Moderate
CVE-2023-33955 was published for github.com/minio/console (Go) May 26, 2023
kr0x02
Ironic and ironic-inspector may expose as ConfigMaps Moderate
CVE-2023-30841 was published for github.com/metal3-io/baremetal-operator (Go) Apr 26, 2023
Buildkit credentials inlined to Git URLs could end up in provenance attestation Moderate
CVE-2023-26054 was published for github.com/moby/buildkit (Go) Mar 7, 2023
oatovar
Helm vulnerable to information disclosure via getHostByName Function Moderate
CVE-2023-25165 was published for helm.sh/helm/v3 (Go) Feb 8, 2023
phil9909
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set Moderate
CVE-2023-24827 was published for github.com/anchore/syft (Go) Feb 8, 2023
wagoodman
Initial debug-host handler implementation could leak information and facilitate denial of service Moderate
GHSA-x477-fq37-q5wr was published for fortio.org/proxy (Go) Jan 27, 2023
usememos/memos may leak user information to an authenticated user Moderate
CVE-2022-4734 was published for github.com/usememos/memos (Go) Dec 27, 2022
Mattermost users could access some sensitive information via API call Moderate
CVE-2022-2401 was published for github.com/mattermost/mattermost-server/v6 (Go) Jul 15, 2022
Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users Moderate
CVE-2022-31066 was published for github.com/edgexfoundry/app-functions-sdk-go/v2 (Go) Jun 17, 2022
bnevis-i
Ignition config accessible to unprivileged software on VMware Moderate
CVE-2022-1706 was published for github.com/coreos/ignition (Go) May 25, 2022
jonaz bgilbert
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database