GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
138 advisories
Filter by severity
Mattermost allows team admins to promote guests to team admins
Low
CVE-2024-4195
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Caddy allows enumeration of Certificates and Hostnames
Low
CVE-2018-19148
was published
for
github.com/caddyserver/caddy
(Go)
May 14, 2022
Authelia's Group Changes may not have the expected results (YAML file backend)
Low
GHSA-x883-2vmg-xwf7
was published
for
github.com/authelia/authelia/v4
(Go)
Apr 22, 2024
SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used
Low
CVE-2024-32001
was published
for
github.com/authzed/spicedb
(Go)
Apr 10, 2024
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Low
GHSA-j5vm-7qcc-2wwg
was published
for
github.com/kopia/kopia
(Go)
Apr 10, 2024
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation
Low
GHSA-hq58-p9mv-338c
was published
for
github.com/cometbft/cometbft
(Go)
Sep 29, 2023
Crash when processing crafted TIFF files
Low
CVE-2023-36308
was published
for
github.com/disintegration/imaging
(Go)
Sep 5, 2023
Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery
Low
CVE-2024-23319
was published
for
github.com/mattermost/mattermost-plugin-jira
(Go)
Feb 9, 2024
Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true
Low
GHSA-x9qq-236j-gj97
was published
for
github.com/canonical/lxd
(Go)
Dec 5, 2023
ASA-2024-004: Default configuration param for Evidence may limit window of validity
Low
GHSA-555p-m4v6-cqxv
was published
for
github.com/cometbft/cometbft
(Go)
Feb 28, 2024
ASA-2024-005: Potential slashing evasion during re-delegation
Low
GHSA-86h5-xcpx-cfqc
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Feb 27, 2024
Plugin archive directory traversal in Helm
Low
CVE-2020-4053
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
Apache Answer Race Condition vulnerability
Low
CVE-2023-49619
was published
for
github.com/apache/incubator-answer
(Go)
Jan 10, 2024
The DES/3DES cipher was used as part of the TLS protocol by installation tools
Low
GHSA-7xg2-83f8-39mr
was published
for
github.com/karmada-io/karmada
(Go)
Jan 3, 2024
code.gitea.io/gitea Open Redirect vulnerability
Low
CVE-2023-3515
was published
for
code.gitea.io/gitea
(Go)
Jul 5, 2023
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Low
CVE-2023-46737
was published
for
github.com/sigstore/cosign
(Go)
Nov 8, 2023
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations
Low
GHSA-99jv-8292-2hpm
was published
for
knative.dev/eventing-gitlab
(Go)
Dec 8, 2023
Kubernetes in OpenShift3 Access Control Misconfiguration
Low
CVE-2015-7561
was published
for
k8s.io/kubernetes
(Go)
May 13, 2022
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Low
GHSA-v7hc-87jc-qrrr
was published
for
knative.dev/eventing-github
(Go)
Dec 6, 2023
Mattermost Injection vulnerability
Low
CVE-2023-35075
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
Low
CVE-2023-5834
was published
for
github.com/hashicorp/vagrant
(Go)
Oct 28, 2023
gnark's range checker gadget allows wider inputs up to word alignment
Low
GHSA-rjjm-x32p-m3f7
was published
for
github.com/consensys/gnark
(Go)
Nov 12, 2023
SpiceDB's LookupResources may return partial results
Low
CVE-2023-35930
was published
for
github.com/authzed/spicedb
(Go)
Jun 28, 2023
etcd Key name can be accessed via LeaseTimeToLive API
Low
CVE-2023-32082
was published
for
github.com/etcd-io/etcd
(Go)
May 12, 2023
Answer Missing Authorization vulnerability
Low
CVE-2023-2590
was published
for
github.com/answerdev/answer
(Go)
May 9, 2023
ProTip!
Advisories are also available from the
GraphQL API