Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,694
Erlang
34
GitHub Actions
28
Go
2,284
Maven
5,000+
npm
3,936
NuGet
708
pip
3,706
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

829 advisories

Loading
Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt High
GHSA-869w-47c6-fq8q was published for github.com/babylonlabs-io/babylon (Go) May 15, 2025
Babylon Finality Provider `MsgCommitPubRandList` replay attack High
GHSA-7mm3-vfg8-7rg6 was published for github.com/babylonlabs-io/babylon (Go) May 15, 2025
Cosmos EVM Allows Partial Precompile State Writes High
GHSA-mjfq-3qr2-6g84 was published for github.com/cosmos/evm (Go) May 14, 2025
Yggdrasil Vulnerable to Local Privilege Escalation High
CVE-2025-3931 was published for github.com/redhatinsights/yggdrasil (Go) May 14, 2025
ZITADEL Allows IdP Intent Token Reuse High
CVE-2025-46815 was published for github.com/zitadel/zitadel (Go) May 6, 2025
cfx livio-a
fforootd
OPA server Data API HTTP path injection of Rego High
CVE-2025-46569 was published for github.com/open-policy-agent/opa (Go) May 1, 2025
GamrayW HyouKash
AdrienIT
Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin High
CVE-2025-32777 was published for volcano.sh/volcano (Go) Apr 30, 2025
kevin-wangzefeng Monokaix
AdamKorcz
Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements High
CVE-2025-46342 was published for github.com/kyverno/kyverno (Go) Apr 29, 2025
anbrsap
Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks High
CVE-2023-32198 was published for github.com/rancher/steve (Go) Apr 25, 2025
Rancher users who can create Projects can gain access to arbitrary projects High
CVE-2024-22031 was published for github.com/rancher/rancher (Go) Apr 25, 2025
Traefik has a possible vulnerability with the path matchers High
CVE-2025-32431 was published for github.com/traefik/traefik (Go) Apr 21, 2025
GoBGP panics due to a zero value for softwareVersionLen High
CVE-2025-43971 was published for github.com/osrg/gobgp (Go) Apr 21, 2025
Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability High
CVE-2025-22868 was published for github.com/traefik/traefik/v2 (Go) Apr 18, 2025
adregbr
Kyverno vulnerable to SSRF via Service Calls High
GHSA-459x-q9hg-4gpq was published for github.com/kyverno/kyverno (Go) Apr 15, 2025
r0binak
mholt/archiver Vulnerable to Path Traversal via Crafted ZIP File High
CVE-2025-3445 was published for github.com/mholt/archiver (Go) Apr 14, 2025
golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange High
CVE-2025-22869 was published for golang.org/x/crypto (Go) Apr 12, 2025
MinIO performs incomplete signature validation for unsigned-trailer uploads High
CVE-2025-31489 was published for github.com/minio/minio (Go) Apr 4, 2025
owainkenwayucl AndEsterson
harshavardhana
Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics High
CVE-2023-27591 was published for miniflux.app (Go) Apr 2, 2025
40826d fguillot
Nethermind Juno Potential Denial of Service (DoS) via Integer Overflow High
CVE-2025-29072 was published for github.com/NethermindEth/juno (Go) Mar 27, 2025
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation High
CVE-2025-1097 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
ingress-nginx controller - configuration injection via unsanitized mirror annotations High
CVE-2025-1098 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
ingress-nginx controller - configuration injection via unsanitized auth-url annotation High
CVE-2025-24514 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
jwt-go allows excessive memory allocation during header parsing High
CVE-2025-30204 was published for github.com/golang-jwt/jwt (Go) Mar 21, 2025
jub0bs Web-E
peterbourgon skitt
PipeCD Vulnerable to Privilege Escalation High
CVE-2024-53351 was published for github.com/pipe-cd/pipecd (Go) Mar 21, 2025
Mattermost Fails to Enforce MFA on Plugin Endpoints High
CVE-2025-25068 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database