GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,297 advisories
Ackites KillWxapkg Zip Bomb Resource Exhaustion
Low severity. CVE-2025-5031 was published for github.com/Ackites/KillWxapkg (Go) on May 21, 2025

Insufficient input sanitization in ejson2env
Moderate severity. CVE-2025-48069 was published for ejson2env (RubyGems) on May 21, 2025

containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods.
Moderate severity. CVE-2025-47291 was published for github.com/containerd/containerd/v2 (Go) on May 21, 2025

Character injection in Hubble CLI
Moderate severity. CVE-2025-48056 was published for github.com/cilium/hubble (Go) on May 21, 2025

containerd allows host filesystem access on pull
High severity. CVE-2025-47290 was published for github.com/containerd/containerd/v2 (Go) on May 21, 2025

Bytebase allows low-privilege users to view admin projects
Moderate severity. CVE-2022-32170 was published for github.com/bytebase/bytebase (Go) on Sep 29, 2022

OpenShift Console Server Side Request Forgery vulnerability
Moderate severity. CVE-2024-6538 was published for github.com/openshift/console (Go) on Nov 25, 2024

Nomad Panics On Job Submission With Bad Artifact Stanza Source URL
Moderate severity. CVE-2022-41606 was published for github.com/hashicorp/nomad (Go) on Oct 12, 2022

Linkerd resource exhaustion vulnerability
Moderate severity. CVE-2025-43915 was published for github.com/linkerd/linkerd2 (Go) on May 5, 2025

Gardener allows metadata injection for a project secret which can lead to privilege escalation
Critical severity. CVE-2025-47284 was published for github.com/gardener/gardener (Go) on May 19, 2025

Gardener allows bypassing project secret validation which can lead to privilege escalation
Critical severity. CVE-2025-47283 was published for github.com/gardener/gardener (Go) on May 19, 2025

Gardener External DNS Management allows malicious google credential in DNS secret to lead to privilege escalation
Critical severity. CVE-2025-47282 was published for github.com/gardener/external-dns-management (Go) on May 19, 2025

Arbitrary code execution due to an uncontrolled search path for the git binary
Critical severity. CVE-2021-28955 was published for github.com/MichaelMure/git-bug (Go) on May 25, 2021

golang.org/x/net vulnerable to Cross-site Scripting
Moderate severity. CVE-2025-22872 was published for golang.org/x/net (Go) on Apr 16, 2025

Ollama Server Vulnerable to Denial of Service (DoS) Attack
High severity. CVE-2025-1975 was published for github.com/ollama/ollama (Go) on May 16, 2025

Mattermost Fails to Check User Access to `ExperimentalSettings`
Low severity. CVE-2025-2570 was published for github.com/mattermost/mattermost/server/v8 (Go) on May 15, 2025

Mattermost Fails to Verify User's Permissions When Accessing Groups
Moderate severity. CVE-2025-2527 was published for github.com/mattermost/mattermost/server/v8 (Go) on May 15, 2025

Mattermost Fails to Validate Team Invite Permissions
Moderate severity. CVE-2025-3446 was published for github.com/mattermost/mattermost/server/v8 (Go) on May 15, 2025

Mattermost Fails to Lockout LDAP Users After Repeated Login Failures
Moderate severity. CVE-2025-31947 was published for github.com/mattermost/mattermost/server/v8 (Go) on May 15, 2025

SeaweedFS Vulnerable to SQL Injection
Moderate severity. CVE-2024-40120 was published for github.com/seaweedfs/seaweedfs (Go) on May 16, 2025

golang.org/x/text/language Denial of service via crafted Accept-Language header
High severity. CVE-2022-32149 was published for golang.org/x/text (Go) on Oct 14, 2022

OpenShift GitOps Operator Namespace Isolation Break
High severity. CVE-2024-13484 was published for github.com/redhat-developer/gitops-operator (Go) on Jan 28, 2025

HashiCorp Vault's revocation list not respected
Moderate severity. CVE-2022-41316 was published for github.com/hashicorp/vault (Go) on Jul 6, 2023

Ollama Divide by Zero Vulnerability
High severity. CVE-2024-8063 was published for github.com/ollama/ollama (Go) on Mar 20, 2025

Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter
High severity. CVE-2025-30153 was published for github.com/getkin/kin-openapi (Go) on Mar 19, 2025

ProTip! Advisories are also available from the GraphQL API.