GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,319
Erlang
31
GitHub Actions
21
Go
2,077
Maven
5,000+
npm
3,746
NuGet
674
pip
3,435
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+
2,077 advisories
Filter by severity
Mattermost fails to properly validate post props
Moderate
CVE-2025-20088
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Jan 15, 2025
Navidrome Stores JWT Secret in Plaintext in navidrome.db
High
CVE-2024-56362
was published
for
github.com/navidrome/navidrome
(Go)
Dec 23, 2024
Git LFS permits exfiltration of credentials via crafted HTTP URLs
High
CVE-2024-53263
was published
for
github.com/git-lfs/git-lfs
(Go)
Jan 14, 2025
Mattermost Incorrect Type Conversion or Cast
Moderate
CVE-2025-21088
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Jan 15, 2025
Mattermost fails to properly validate post props
Moderate
CVE-2025-20086
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Jan 15, 2025
Rancher UI has Stored Cross-site Scripting vulnerability
High
CVE-2024-52281
was published
for
github.com/rancher/rancher
(Go)
Jan 14, 2025
OpenFGA Authorization Bypass
Moderate
CVE-2024-56323
was published
for
github.com/openfga/openfga
(Go)
Jan 13, 2025
notation-go has an OS error when setting CRL cache leads to denial of signature verification
Low
CVE-2024-51491
was published
for
github.com/notaryproject/notation-go
(Go)
Jan 13, 2025
notation-go's timestamp signature generation lacks certificate revocation check
Moderate
CVE-2024-56138
was published
for
github.com/notaryproject/notation-go
(Go)
Jan 13, 2025
Signature validation bypass in github.com/moov-io/signedxml
Critical
CVE-2023-34205
was published
for
github.com/moov-io/signedxml
(Go)
May 30, 2023
Mattermost denial of service through long emoji value
Moderate
CVE-2024-24988
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost leaks details of AD/LDAP groups of a teams
Moderate
CVE-2024-23493
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Hashicorp Consul Path Traversal vulnerability
High
CVE-2024-10005
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Moderate
CVE-2024-10006
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Hashicorp Consul Cross-site Scripting vulnerability
Moderate
CVE-2024-10086
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
High
CVE-2024-7594
was published
for
github.com/hashicorp/vault
(Go)
Sep 26, 2024
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
Low
CVE-2025-22149
was published
for
github.com/MicahParks/jwkset
(Go)
Jan 9, 2025
Unencrypted traffic between nodes when using WireGuard and L7 policies
Moderate
CVE-2024-28250
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Unencrypted traffic between nodes when using IPsec and L7 policies
Moderate
CVE-2024-28249
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
Critical
CVE-2024-21652
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Mar 18, 2024
Mattermost has Improper Check for Unusual or Exceptional Conditions
Low
CVE-2025-22445
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Jan 9, 2025
Mattermost Improper Validation of Specified Type of Input vulnerability
Moderate
CVE-2025-20033
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Jan 9, 2025
Mattermost Incorrect Authorization vulnerability
Low
CVE-2025-22449
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Jan 9, 2025
Helm's Missing YAML Content Leads To Panic
High
CVE-2024-26147
was published
for
helm.sh/helm/v3
(Go)
Feb 22, 2024
OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer
Moderate
CVE-2024-7387
was published
for
github.com/openshift/builder
(Go)
Sep 17, 2024
ProTip!
Advisories are also available from the
GraphQL API