GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,401 advisories

Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks Low
CVE-2025-52889 was published for github.com/lxc/incus/v6 (Go) Jun 26, 2025
obp-anssi
Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens High
CVE-2025-52477 was published for github.com/octo-sts/app (Go) Jun 26, 2025
vicevirus cpanato
mgreau eslerm
Gogs XSS allowed by stored call in PDF renderer Moderate
CVE-2025-47943 was published for github.com/gogs/gogs (Go) Jun 26, 2025
edoardottt
Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode Low
CVE-2025-6624 was published for github.com/snyk/go-application-framework (Go) Jun 26, 2025
Podman Improper Certificate Validation; machine missing TLS verification High
CVE-2025-6032 was published for github.com/containers/podman/v4 (Go) Jun 25, 2025
Luap99
Gogs allows deletion of internal files which leads to remote command execution Critical
CVE-2024-56731 was published for gogs.io/gogs (Go) Jun 24, 2025
Ry0taK
kubernetes allows nodes to bypass dynamic resource allocation authorization checks Low
CVE-2025-4563 was published for k8s.io/kubernetes (Go) Jun 23, 2025
chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes Moderate
GHSA-vrw8-fxc6-2r93 was published for github.com/go-chi/chi/v5 (Go) Jun 20, 2025
anuraagbaishya
Mattermost allows an unauthorized Guest user access to Playbook Moderate
CVE-2025-3228 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025
Mattermost allows unauthorized channel member management through playbook runs Moderate
CVE-2025-3227 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025
Mattermost allows authenticated users to write files to arbitrary locations Critical
CVE-2025-4981 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025
Velociraptor vulnerable to privilege escalation via UpdateConfig artifact Moderate
CVE-2025-6264 was published for www.velocidex.com/golang/velociraptor (Go) Jun 20, 2025
Grafana long dashboard title or panel name causes unresponsiveness Low
CVE-2025-1088 was published for github.com/grafana/grafana (Go) Jun 18, 2025
OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal Moderate
CVE-2025-5981 was published for github.com/google/osv-scalibr (Go) Jun 18, 2025
Malayke
Teleport allows remote authentication bypass Critical
CVE-2025-49825 was published for github.com/gravitational/teleport (Go) Jun 16, 2025
New authd users logging in via SSH are members of the root group Moderate
CVE-2025-5689 was published for github.com/ubuntu/authd (Go) Jun 16, 2025
uptrace pgdriver SQL injection vulnerability Moderate
CVE-2024-44906 was published for github.com/uptrace/bun/driver/pgdriver (Go) Jun 12, 2025
maxfierke
go-pg SQL injection vulnerability via the component /types/append_value.go Moderate
CVE-2024-44905 was published for github.com/go-pg/pg (Go) Jun 12, 2025
Hashicorp Nomad Incorrect Privilege Assignment vulnerability High
CVE-2025-4922 was published for github.com/hashicorp/nomad (Go) Jun 11, 2025
dduzgun-security
CWA-2025-006: wasmd's improper error handling may lead to IBC channel opening despite error High
GHSA-79xg-q4qm-7v9w was published for github.com/CosmWasm/wasmd (Go) Jun 11, 2025
Mattermost allows guest users to view information about public teams they are not members of Low
CVE-2025-4128 was published for github.com/mattermost/mattermost-server (Go) Jun 11, 2025
Mattermost allows authenticated administrator to execute LDAP search filter injection Moderate
CVE-2025-4573 was published for github.com/mattermost/mattermost-server (Go) Jun 11, 2025
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
GHSA-2x5j-vhc8-9cwm was published for github.com/cloudflare/circl (Go) Jun 10, 2025
Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS) High
CVE-2025-49140 was published for github.com/pion/interceptor (Go) Jun 9, 2025
JoeTurki kmansoft
3DRX
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user Critical
CVE-2025-49136 was published for github.com/knadh/listmonk (Go) Jun 9, 2025
nakkouchtarek