Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,301
Maven
5,000+
npm
3,942
NuGet
711
pip
3,711
Pub
12
RubyGems
920
Rust
960
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,052 advisories

Loading
OpenFGA Authorization Bypass Moderate
CVE-2025-48371 was published for github.com/openfga/openfga (Go) May 23, 2025
Mattermost allows a remote actor to make an arbitrary local channel read-only Moderate
CVE-2024-41162 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
zot logs secrets Moderate
CVE-2025-48374 was published for zotregistry.dev/zot (Go) May 22, 2025
lgtm-dude
Insufficient input sanitization in ejson2env Moderate
CVE-2025-48069 was published for ejson2env (RubyGems) May 21, 2025
thepwagner alexhope61
rj-coleman Owen-Cummings
containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods. Moderate
CVE-2025-47291 was published for github.com/containerd/containerd/v2 (Go) May 21, 2025
rata rogowski-piotr
Character injection in Hubble CLI Moderate
CVE-2025-48056 was published for github.com/cilium/hubble (Go) May 21, 2025
devodev bipierce-cisco
Bytebase allows low-privilege users to view admin projects Moderate
CVE-2022-32170 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022
OpenShift Console Server Side Request Forgery vulnerability Moderate
CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024
Nomad Panics On Job Submission With Bad Artifact Stanza Source URL Moderate
CVE-2022-41606 was published for github.com/hashicorp/nomad (Go) Oct 12, 2022
Linkerd resource exhaustion vulnerability Moderate
CVE-2025-43915 was published for github.com/linkerd/linkerd2 (Go) May 5, 2025
ericd
golang.org/x/net vulnerable to Cross-site Scripting Moderate
CVE-2025-22872 was published for golang.org/x/net (Go) Apr 16, 2025
Mattermost Fails to Verify User's Permissions When Accessing Groups Moderate
CVE-2025-2527 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
Mattermost Fails to Validate Team Invite Permissions Moderate
CVE-2025-3446 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
Mattermost Fails to Lockout LDAP Users After Repeated Login Failures Moderate
CVE-2025-31947 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
SeaweedFS Vulnerable to SQL Injection Moderate
CVE-2024-40120 was published for github.com/seaweedfs/seaweedfs (Go) May 16, 2025
HashiCorp Vault's revocation list not respected Moderate
CVE-2022-41316 was published for github.com/hashicorp/vault (Go) Jul 6, 2023
LF Edge eKuiper Vulnerable to Stored XSS in Configuration Key Functionality Moderate
CVE-2024-52290 was published for github.com/lf-edge/ekuiper (Go) May 14, 2025
TheMostKnown
nosurf vulnerable to CSRF due to non-functional same-origin request checks Moderate
CVE-2025-46721 was published for github.com/justinas/nosurf (Go) May 14, 2025
patrickod
Mattermost fails to limit the number of active sessions Moderate
CVE-2024-4183 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission Moderate
CVE-2024-11741 was published for github.com/grafana/grafana (Go) Jan 31, 2025
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net Moderate
CVE-2025-22870 was published for golang.org/x/net (Go) Mar 12, 2025
Missing Role Based Access Control for the REST handlers in bleve/http package Moderate
CVE-2022-31022 was published for github.com/blevesearch/bleve (Go) Jun 3, 2022
Proximyst
Kyverno ignores subjectRegExp and IssuerRegExp Moderate
CVE-2025-29778 was published for github.com/kyverno/kyverno (Go) Mar 24, 2025
frgt10cs
Archiver Path Traversal vulnerability Moderate
CVE-2024-0406 was published for github.com/mholt/archiver (Go) Apr 6, 2024
kbsteere
Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor Moderate
CVE-2025-4210 was published for github.com/casdoor/casdoor (Go) May 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database