
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

165 advisories

Mattermost Fails to Check User Access to `ExperimentalSettings` Low
CVE-2025-2570 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
Mattermost fails to limit the size of a request path Low
CVE-2024-22091 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Terraform WinDNS Provider improperly sanitizes input variables in `windns_record` Low
CVE-2025-46735 was published for github.com/nrkno/terraform-provider-windns (Go) May 6, 2025
polo-sec sjurtf
Foxboron
Go Snowflake Driver has race condition when checking access to Easy Logging configuration file Low
CVE-2025-46327 was published for github.com/snowflakedb/gosnowflake (Go) Apr 28, 2025
Mattermost Playbooks fails to properly validate permissions Low
CVE-2025-41423 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
Mattermost doesn't restrict domains LLM can request to contact upstream Low
CVE-2025-31363 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Mattermost Missing Authentication for Critical Function Low
CVE-2025-27538 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-24839 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-2424 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 14, 2025
Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint Low
CVE-2025-24866 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 10, 2025
Apache Answer User Using External Images Potentially Discloses User Information Low
CVE-2025-29868 was published for github.com/apache/answer (Go) Apr 1, 2025
Cilium node based network policies may incorrectly allow workload traffic Low
CVE-2025-30163 was published for github.com/cilium/cilium (Go) Mar 24, 2025
oblazek
Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers Low
CVE-2025-30162 was published for github.com/cilium/cilium (Go) Mar 24, 2025
pjablonski123
Mattermost fail to prompt for explicit approval before adding a team admin to a private channel Low
CVE-2025-27715 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 21, 2025
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type Low
GHSA-528q-4pgm-wvg2 was published for github.com/mccutchen/go-httpbin (Go) Mar 21, 2025
AyushXtha
Kubernetes kube-apiserver Vulnerable to Race Condition Low
CVE-2024-7598 was published for k8s.io/kubernetes/cmd/kube-apiserver (Go) Mar 20, 2025
LocalAI Cross-site Scripting vulnerability Low
CVE-2024-48057 was published for github.com/mudler/LocalAI (Go) Nov 5, 2024
lxd has a restricted TLS certificate privilege escalation when in PKI mode Low
CVE-2024-6219 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing
go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment Low
CVE-2025-29923 was published for github.com/redis/go-redis/v9 (Go) Mar 20, 2025
Mattermost fails to invalidate all active sessions when converting a user to a bot Low
CVE-2025-1412 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
Authelia applies regulation separately to Username-based logins to Email-based logins Low
CVE-2025-24806 was published for github.com/authelia/authelia/v4 (Go) Feb 19, 2025
tsschaffert Ahrdie
caesarakalaeii
Unencrypted transmission in Temporal api-go library Low
CVE-2025-1243 was published for go.temporal.io/api (Go) Feb 12, 2025
1Panel's password verification is suspected to have a timing attack vulnerability Low
CVE-2024-30257 was published for github.com/1Panel-dev/1Panel (Go) Apr 18, 2024
1Panel set-cookie is missing the Secure keyword Low
CVE-2024-24768 was published for github.com/1Panel-dev/1Panel (Go) Feb 5, 2024
anonymous-nlp-student