Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,646
Maven
5,000+
npm
4,273
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,646 advisories

Loading
LXD vulnerable to a local privilege escalation through custom storage volumes High
GHSA-3g2j-vm47-x4mj was published for lxd (Go) Nov 13, 2025
abdodz1234 stgraber
Credited to abdodz1234 and stgraber
SpiceDB WriteRelationships fails silently if payload is too big Low
CVE-2025-64529 was published for github.com/authzed/spicedb (Go) Nov 13, 2025
File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency Critical
GHSA-6jqf-mv7m-3q7p was published for github.com/filebrowser/filebrowser/v2 (Go) Nov 13, 2025
Francesco-Bellomi hacdias
Credited to Francesco-Bellomi and hacdias
File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function High
CVE-2025-64523 was published for github.com/filebrowser/filebrowser (Go) Nov 13, 2025
bbodisteanu-hacken hacdias
Credited to bbodisteanu-hacken and hacdias
AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance High
GHSA-7wq2-32h4-9hc9 was published for github.com/aws/aws-advanced-go-wrapper/awssql (Go) Nov 13, 2025
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-11777 was published for github.com/mattermost/mattermost (Go) Nov 13, 2025
Incus vulnerable to local privilege escalation through custom storage volumes High
CVE-2025-64507 was published for github.com/lxc/incus (Go) Nov 13, 2025
abdodz1234 stgraber
Credited to abdodz1234 and stgraber
Milvus Proxy has a Critical Authentication Bypass Vulnerability Critical
CVE-2025-64513 was published for github.com/milvus-io/milvus (Go) Nov 13, 2025
Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves High
CVE-2025-64186 was published for github.com/evervault/evervault-go (Go) Nov 12, 2025
JoranHonig
Credited to JoranHonig
OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation High
CVE-2025-64484 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Nov 12, 2025
47Cid
Credited to 47Cid
Soft Serve is vulnerable to SSRF through its Webhooks Critical
CVE-2025-64522 was published for github.com/charmbracelet/soft-serve (Go) Nov 10, 2025
Tomer-PL caarlos0
Credited to Tomer-PL and caarlos0
KubeVirt Vulnerable to Arbitrary Host File Read and Write High
CVE-2025-64324 was published for github.com/kubevirt/kubevirt (Go) Nov 7, 2025
mihailkirov Faeris95
jean-edouard
Credited to mihailkirov, Faeris95, and jean-edouard
Soft Serve does not sanitize ANSI escape sequences in user input Moderate
CVE-2025-64494 was published for github.com/charmbracelet/soft-serve (Go) Nov 6, 2025
Tomer-PL caarlos0
Credited to Tomer-PL and caarlos0
KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes Moderate
CVE-2025-64437 was published for github.com/kubevirt/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
xpivarc
Credited to mihailkirov, Faeris95, and xpivarc
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes Moderate
CVE-2025-64436 was published for github.com/kubevirt/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
xpivarc
Credited to mihailkirov, Faeris95, and xpivarc
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation Moderate
CVE-2025-64435 was published for github.com/kubevirt/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing Moderate
CVE-2025-64434 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
KubeVirt Arbitrary Container File Read Moderate
CVE-2025-64433 was published for github.com/kubevirt/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer Moderate
CVE-2025-64432 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
xpivarc
Credited to mihailkirov, Faeris95, and xpivarc
containerd CRI server: Host memory exhaustion through Attach goroutine leak Moderate
CVE-2025-64329 was published for github.com/containerd/containerd (Go) Nov 6, 2025
Wheat2018
Credited to Wheat2018
OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses Low
GHSA-w2jf-268q-mrvh was published for github.com/opentofu/opentofu (Go) Nov 6, 2025
containerd affected by a local privilege escalation via wide permissions on CRI directory High
CVE-2024-25621 was published for github.com/containerd/containerd (Go) Nov 6, 2025
dgl
Credited to dgl
IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering High
CVE-2025-64431 was published for github.com/zitadel/zitadel (Go) Nov 5, 2025
livio-a stebenz
Credited to livio-a and stebenz
runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects High
CVE-2025-52881 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
tonistiigi cyphar
lifubang OddBloke olsova
Credited to tonistiigi, cyphar, lifubang, OddBloke, and olsova
runc container escape with malicious config due to /dev/console mount and related races High
CVE-2025-52565 was published for github.com/opencontainers/runc (Go) Nov 5, 2025
ssst0n3 lifubang
cyphar
Credited to ssst0n3, lifubang, and cyphar
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database