GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,928
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,668 advisories
Filter by severity
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
High
CVE-2024-34360
was published
for
github.com/spacemeshos/api
(Go)
May 10, 2024
1Panel arbitrary file write vulnerability
Moderate
CVE-2024-34352
was published
for
github.com/1Panel-dev/1Panel
(Go)
May 9, 2024
Vitess vulnerable to infinite memory consumption and vtgate crash
Moderate
CVE-2024-32886
was published
for
github.com/vitessio/vitess
(Go)
May 8, 2024
tiagorlampert CHAOS vulnerable to arbitrary code execution
Moderate
CVE-2024-33434
was published
for
github.com/tiagorlampert/CHAOS
(Go)
May 7, 2024
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
High
CVE-2024-34084
was published
for
github.com/stacklok/minder
(Go)
May 7, 2024
go-ethereum vulnerable to DoS via malicious p2p message
High
CVE-2024-32972
was published
for
github.com/ethereum/go-ethereum
(Go)
May 6, 2024
btcd susceptible to consensus failures
Moderate
CVE-2024-34478
was published
for
github.com/btcsuite/btcd
(Go)
May 5, 2024
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Moderate
CVE-2024-34068
was published
for
github.com/pterodactyl/wings
(Go)
May 3, 2024
Pterodactyl Wings vulnerable to Arbitrary File Write/Read
High
CVE-2024-34066
was published
for
github.com/pterodactyl/wings
(Go)
May 3, 2024
piraeus-operator allows attacker to impersonate service account
Moderate
CVE-2024-33398
was published
for
github.com/piraeusdatastore/piraeus-operator/v2
(Go)
May 3, 2024
Some CORS middleware allow untrusted origins
Critical
GHSA-v84h-653v-4pq9
was published
for
github.com/jub0bs/fcors
(Go)
May 3, 2024
Some CORS middleware allow untrusted origins
Critical
GHSA-vhxv-fg4m-p2w8
was published
for
github.com/jub0bs/cors
(Go)
May 3, 2024
karmada vulnerable to arbitrary code execution via a crafted command
Moderate
CVE-2024-33396
was published
for
github.com/karmada-io/karmada
(Go)
May 2, 2024
kubevirt allows a local attacker to execute arbitrary code via a crafted command
Moderate
CVE-2024-33394
was published
for
kubevirt.io/kubevirt
(Go)
May 2, 2024
Zitadel exposing internal database user name and host information
Moderate
CVE-2024-32967
was published
for
github.com/zitadel/zitadel
(Go)
May 1, 2024
Navidrome Parameter Tampering vulnerability
Moderate
CVE-2024-32963
was published
for
github.com/navidrome/navidrome
(Go)
May 1, 2024
CRI-O vulnerable to an arbitrary systemd property injection
High
CVE-2024-3154
was published
for
github.com/cri-o/cri-o
(Go)
Apr 30, 2024
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences
Moderate
CVE-2024-32476
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Apr 26, 2024
Mattermost allows team admins to promote guests to team admins
Low
CVE-2024-4195
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Mattermost fails to limit the size of a request path
Low
CVE-2024-22091
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Mattermost's detailed error messages reveal the full file path
Moderate
CVE-2024-32046
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Mattermost crashes web clients via a malformed custom status
Moderate
CVE-2024-4182
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Mattermost fails to limit the number of active sessions
Moderate
CVE-2024-4183
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Mattermost fails to fully validate role changes
Low
CVE-2024-4198
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Withdrawn: Runc allows an arbitrary systemd property to be injected
High
GHSA-c5pj-mqfh-rvc3
was published
for
github.com/opencontainers/runc
(Go)
Apr 26, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API