GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12 advisories
Local directory executable lookup in sops (Windows-only)
Low: GHSA-x5c7-x7m2-rhmf was published for go.mozilla.org/sops/v3 (Go), May 20, 2021
Hugo can execute a binary from the current directory on Windows
High: CVE-2020-26284 was published for github.com/gohugoio/hugo (Go), Jun 23, 2021
Git LFS can execute a Git binary from the current directory on Windows
High: CVE-2021-21237 was published for github.com/git-lfs/git-lfs (Go), Feb 15, 2022
Cross-site scripting on application summary component
Critical: CVE-2024-28175 was published for github.com/argoproj/argo-cd (Go), Mar 15, 2024
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
High: CVE-2024-52308 was published for github.com/cli/cli (Go), Nov 14, 2024
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace
Moderate: CVE-2024-53859 was published for github.com/cli/go-gh (Go), Nov 27, 2024
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
Moderate: CVE-2024-53858 was published for github.com/cli/cli/v2 (Go), Nov 27, 2024
WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover
High: GHSA-2r2v-9pf8-6342 was published for github.com/h44z/wg-portal (Go), Jan 7, 2025
Git LFS permits exfiltration of credentials via crafted HTTP URLs
High: CVE-2024-53263 was published for github.com/git-lfs/git-lfs (Go), Jan 14, 2025
Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration
Moderate: CVE-2025-31483 was published for miniflux.app/v2 (Go), Apr 4, 2025
Argo CD allows cross-site scripting on repositories page
Critical: CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go), May 28, 2025
Gogs allows deletion of internal files which leads to remote command execution
Critical: CVE-2024-56731 was published for gogs.io/gogs (Go), Jun 24, 2025
ProTip! Advisories are also available from the GraphQL API.