Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,466
Erlang
33
GitHub Actions
23
Go
2,166
Maven
5,000+
npm
3,830
NuGet
696
pip
3,507
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

234 advisories

Loading
VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder Critical
CVE-2024-9486 was published for github.com/kubernetes-sigs/image-builder (Go) Oct 15, 2024
SSOReady has an XML Signature Bypass via differential XML parsing Critical
CVE-2024-47832 was published for github.com/ssoready/ssoready (Go) Oct 11, 2024
ahacker1-securesaml
Duplicate Advisory: NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability Critical
GHSA-536j-xxhg-6pgg was published for github.com/NVIDIA/nvidia-container-toolkit (Go) Sep 26, 2024 withdrawn
Mellium allows Authentication Bypass by Spoofing Critical
CVE-2024-46957 was published for mellium.im/xmpp (Go) Sep 25, 2024
Navidrome has Multiple SQL Injections and ORM Leak Critical
CVE-2024-47062 was published for github.com/navidrome/navidrome (Go) Sep 20, 2024
snyff
HTTP client can manipulate custom HTTP headers that are added by Traefik Critical
CVE-2024-45410 was published for github.com/traefik/traefik (Go) Sep 19, 2024
drolmat
Dragonfly2 has hard coded cyptographic key Critical
CVE-2023-27584 was published for d7y.io/dragonfly/v2 (Go) Sep 19, 2024
cokeBeer
Grafana plugin SDK Information Leakage Critical
CVE-2024-8986 was published for github.com/grafana/grafana-plugin-sdk-go (Go) Sep 19, 2024
Chaosblade vulnerable to OS command execution Critical
CVE-2023-47105 was published for github.com/chaosblade-io/chaosblade (Go) Sep 18, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints Critical
CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
m2a2
SQL injection in github.com/stashapp/stash Critical
CVE-2024-32231 was published for github.com/stashapp/stash (Go) Aug 15, 2024
RBAC Roles for `etcd` created by Kamaji are not disjunct Critical
CVE-2024-42480 was published for github.com/clastix/kamaji (Go) Aug 12, 2024
SimonKienzler prometherion
Gitea Cross-site Scripting Vulnerability Critical
CVE-2024-6886 was published for code.gitea.io/gitea (Go) Aug 6, 2024
rudder-server is vulnerable to SQL injection Critical
CVE-2023-30625 was published for github.com/rudderlabs/rudder-server (Go) Aug 5, 2024
CasaOS Command Injection vulnerability Critical
CVE-2023-37469 was published for github.com/IceWhaleTech/CasaOS (Go) Aug 5, 2024
Mattermost allows unsolicited invites to expose access to local channels Critical
CVE-2024-39777 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel Critical
CVE-2024-39274 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
pREST vulnerable to jwt bypass + sql injection Critical
GHSA-wm25-j4gw-6vr3 was published for github.com/prest/prest (Go) Jul 30, 2024
mihail8531
Authz zero length regression Critical
CVE-2024-41110 was published for github.com/docker/docker (Go) Jul 30, 2024
corhere westonsteimel
debasishbsws
Volcano has insecure permissions Critical
CVE-2024-36533 was published for github.com/volcano-sh/volcano (Go) Jul 24, 2024
fabedge has insecure permissions Critical
CVE-2024-36536 was published for github.com/fabedge/fabedge (Go) Jul 24, 2024
1Panel has an SQL injection issue related to the orderBy clause Critical
CVE-2024-39907 was published for github.com/1Panel-dev/1Panel (Go) Jul 18, 2024
xuebibibibibi
Duplicate Advisory: Gogs allows argument injection during the previewing of changes Critical
GHSA-hf29-9hfh-w63j was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
Duplicate Advisory: github.com/gogs/gogs affected by CVE-2024-39930 Critical
GHSA-p69r-v3h4-rj4f was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
Duplicate Advisory: Gogs allows deletion of internal files Critical
GHSA-2vgj-3pvg-xh4w was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database