GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,482
NuGet
605
pip
3,050
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
803 advisories
Filter by severity
pgx SQL Injection via Line Comment Creation
Moderate
CVE-2024-27289
was published
for
github.com/jackc/pgx
(Go)
Mar 4, 2024
Helm shows secrets in clear text
Moderate
CVE-2019-25210
was published
for
helm.sh/helm/v3
(Go)
Mar 3, 2024
Mattermost allows attackers access to posts in channels they are not a member of
Moderate
CVE-2024-1942
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost fails to limit the number of role names
Moderate
CVE-2024-1953
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost post fetching without auditing in compliance export
Moderate
CVE-2024-1887
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost leaks details of AD/LDAP groups of a teams
Moderate
CVE-2024-23493
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost fails to check the "invite_guest" permission
Moderate
CVE-2024-1888
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost denial of service through long emoji value
Moderate
CVE-2024-24988
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
http-swagger XSS via PUT requests
Moderate
CVE-2024-25712
was published
for
github.com/swaggo/http-swagger
(Go)
Feb 29, 2024
jose2go vulnerable to denial of service via large p2c value
Moderate
CVE-2023-50658
was published
for
github.com/dvsekhvalnov/jose2go
(Go)
Feb 29, 2024
Minder trusts client-provided mapping from repo name to upstream ID
Moderate
CVE-2024-27093
was published
for
github.com/stacklok/minder
(Go)
Feb 26, 2024
User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository
Moderate
GHSA-fvv5-h29g-f6w5
was published
for
github.com/treeverse/lakefs
(Go)
Feb 22, 2024
Apache Answer Race Condition vulnerability
Moderate
CVE-2024-26578
was published
for
github.com/apache/incubator-answer
(Go)
Feb 22, 2024
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability
Moderate
CVE-2024-22393
was published
for
github.com/apache/incubator-answer
(Go)
Feb 22, 2024
Apache Answer Cross-site Scripting vulnerability
Moderate
CVE-2024-23349
was published
for
github.com/apache/incubator-answer
(Go)
Feb 22, 2024
ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`
Moderate
GHSA-2557-x9mg-76w8
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Feb 21, 2024
ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module
Moderate
GHSA-4j93-fm92-rp4m
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Feb 21, 2024
Unencrypted traffic between pods when using Wireguard and an external kvstore
Moderate
CVE-2024-25631
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
Unencrypted ingress/health traffic when using Wireguard transparent encryption
Moderate
CVE-2024-25630
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
Moderate
CVE-2024-21500
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Server-Side Request Forgery in github.com/greenpau/caddy-security
Moderate
CVE-2024-21498
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Moderate
CVE-2024-21499
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Open Redirect in github.com/greenpau/caddy-security
Moderate
CVE-2024-21497
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
Moderate
CVE-2024-21495
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Insufficient Session Expiration in github.com/greenpau/caddy-security
Moderate
CVE-2024-21492
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
ProTip!
Advisories are also available from the
GraphQL API