GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem:
All reviewed: 5,000+
Composer: 4,688
Erlang: 34
GitHub Actions: 26
Go: 2,274
Maven: 5,000+
npm: 3,930
NuGet: 706
pip: 3,696
Pub: 12
RubyGems: 919
Rust: 955
Swift: 38

Unreviewed advisories:
All unreviewed: 5,000+

33 advisories
| Advisory | Severity | Identifier | Package (ecosystem) | Published |
|---|---|---|---|---|
| PipeCD Vulnerable to Privilege Escalation | High | CVE-2024-53351 | github.com/pipe-cd/pipecd (Go) | Mar 21, 2025 |
| Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login | High | CVE-2025-23389 | github.com/rancher/rancher (Go) | Feb 27, 2025 |
| OpenShift Hive RCE through AWS/Kubernetes client configuration leads to privilege escalation | High | CVE-2024-25133 | github.com/openshift/hive (Go) | Dec 31, 2024 |
| Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams | High | CVE-2024-42497 | github.com/mattermost/mattermost/server/v8 (Go) | Aug 22, 2024 |
| Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm | High | GHSA-6vjm-54vp-mxhx | github.com/juju/juju (Go) | Aug 5, 2024 |
| Mattermost allows remote actor to create/update/delete posts in arbitrary channels | High | CVE-2024-41144 | github.com/mattermost/mattermost/server/v8 (Go) | Aug 1, 2024 |
| karmada vulnerable to arbitrary code execution via a crafted command | High | CVE-2024-33396 | github.com/karmada-io/karmada (Go) | May 2, 2024 |
| Rancher's Steve API Component Improper authorization check allows privilege escalation | High | CVE-2021-36776 | github.com/rancher/rancher (Go) | Apr 24, 2024 |
| Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication | High | CVE-2021-36775 | github.com/rancher/rancher (Go) | Apr 24, 2024 |
| Access Restriction Bypass in go-ipfs | High | CVE-2020-10937 | github.com/ipfs/go-ipfs (Go) | Apr 24, 2024 |
| Mattermost fails to authenticate the source of certain types of post actions | High | CVE-2024-2447 | github.com/mattermost/mattermost/server/v8 (Go) | Apr 5, 2024 |
| Mattermost post fetching without auditing in compliance export | High | CVE-2024-1887 | github.com/mattermost/mattermost/server/v8 (Go) | Feb 29, 2024 |
| HashiCorp Consul Incorrect Access Control vulnerability | High | CVE-2019-12291 | github.com/hashicorp/consul (Go) | Jun 9, 2023 |
| Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster | High | CVE-2022-21953 | github.com/rancher/rancher (Go) | Jan 25, 2023 |
| Privilege escalation in project role template binding (PRTB) and -promoted roles | High | CVE-2022-43759 | github.com/rancher/rancher (Go) | Jan 25, 2023 |
| GitOps Run allows for Kubernetes workload injection | High | CVE-2022-23508 | github.com/weaveworks/weave-gitops (Go) | Jan 9, 2023 |
| usememos/memos Improper Access Control vulnerability | High | CVE-2022-4809 | github.com/usememos/memos (Go) | Dec 28, 2022 |
| usememos/memos Improper Access Control vulnerability | High | CVE-2022-4803 | github.com/usememos/memos (Go) | Dec 28, 2022 |
| usememos/memos vulnerable to account takeover due to improper access control | High | CVE-2022-4689 | github.com/usememos/memos (Go) | Dec 23, 2022 |
| usememos/memos Improper Access Control vulnerability | High | CVE-2022-4684 | github.com/usememos/memos (Go) | Dec 23, 2022 |
| lakeFS vulnerable to authenticated users deleting files they are not authorized to delete | High | GHSA-28q9-9c3g-v3f9 | github.com/treeverse/lakefs (Go) | Sep 23, 2022 |
| CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure | High | CVE-2022-2995 | github.com/cri-o/cri-o (Go) | Sep 20, 2022 |
| Argo CD improper access control bug can allow malicious user to escalate privileges to admin level | High | CVE-2022-1025 | github.com/argoproj/argo-cd (Go) | Jul 13, 2022 |
| HashiCorp Consul Access Restriction Bypass | High | CVE-2019-8336 | github.com/hashicorp/consul (Go) | May 13, 2022 |
| Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server | High | CVE-2022-24730 | github.com/argoproj/argo-cd (Go) | Mar 24, 2022 |
Advisories are also available from the GraphQL API.