GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,047 advisories
Filter by severity
age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
Moderate
GHSA-32gq-x56h-299c
was published
for
filippo.io/age
(Go)
Dec 18, 2024
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
Improper Input Validation in Buildah and Podman
Moderate
CVE-2024-9407
was published
for
github.com/containers/buildah
(Go)
Oct 1, 2024
Hashicorp Nomad Incorrect Privilege Assignment vulnerability
Moderate
CVE-2024-12678
was published
for
github.com/hashicorp/nomad
(Go)
Dec 20, 2024
MinIO vulnerable to privilege escalation in IAM import API
High
CVE-2024-55949
was published
for
github.com/minio/minio
(Go)
Dec 16, 2024
OpenShift Must Gather Operator Improper Input Validation vulnerability
High
CVE-2024-25131
was published
for
github.com/openshift/must-gather
(Go)
Dec 19, 2024
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service
High
GHSA-5pf6-cq2v-23ww
was published
for
github.com/clidey/whodb/core
(Go)
Dec 19, 2024
Non-linear parsing of case-insensitive content in golang.org/x/net/html
High
CVE-2024-45338
was published
for
golang.org/x/net
(Go)
Dec 18, 2024
Beego has Collision Hazards of MD5 in Cache Key Filenames
Moderate
CVE-2024-55885
was published
for
github.com/beego/beego
(Go)
Dec 12, 2024
Mattermost Server Resource Exhaustion
Low
CVE-2024-28053
was published
for
github.com/mattermost/mattermost-server
(Go)
Mar 15, 2024
Unencrypted traffic between pods when using Wireguard and an external kvstore
Moderate
CVE-2024-25631
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
Unencrypted ingress/health traffic when using Wireguard transparent encryption
Moderate
CVE-2024-25630
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
Open Cluster Management vulnerable to Trust Boundary Violation
High
CVE-2024-9779
was published
for
open-cluster-management.io/ocm
(Go)
Dec 18, 2024
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access
Moderate
CVE-2024-8676
was published
for
github.com/cri-o/cri-o
(Go)
Nov 26, 2024
Traefik affected by CVE-2024-53259
Moderate
GHSA-hxr6-2p24-hf98
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 17, 2024
ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion
High
GHSA-8wcc-m6j2-qxvm
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Dec 16, 2024
Mattermost Improper Validation of Specified Type of Input vulnerability
Moderate
CVE-2024-54083
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 16, 2024
Mattermost Race Condition vulnerability
Moderate
CVE-2024-48872
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 16, 2024
Mattermost Data Amplification vulnerability
Moderate
CVE-2024-54682
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 16, 2024
Vitess allows HTML injection in /debug/querylogz & /debug/env
Moderate
CVE-2024-53257
was published
for
vitess.io/vitess
(Go)
Dec 3, 2024
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Critical
CVE-2024-45337
was published
for
golang.org/x/crypto
(Go)
Dec 11, 2024
Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy
High
GHSA-7prj-hgx4-2xc3
was published
for
github.com/ryanbekhen/nanoproxy
(Go)
Dec 12, 2024
Kubernetes kubelet arbitrary command execution
High
CVE-2024-10220
was published
for
k8s.io/kubernetes
(Go)
Nov 22, 2024
Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
Moderate
CVE-2024-12289
was published
for
github.com/hashicorp/boundary
(Go)
Dec 13, 2024
Mattermost Server Improper Access Control
Moderate
CVE-2024-29221
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
ProTip!
Advisories are also available from the
GraphQL API