GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
244 advisories
Wazuh server vulnerable to remote code execution
Critical
CVE-2025-24016
was published
for
github.com/wazuh/wazuh
(Go)
Apr 22, 2025
Traefik affected by Go HTTP Request Smuggling Vulnerability
Critical
GHSA-5423-jcjm-2gpv
was published
for
github.com/traefik/traefik/v2
(Go)
Apr 18, 2025
NATS Server may fail to authorize certain Jetstream admin APIs
Critical
CVE-2025-30215
was published
for
github.com/nats-io/nats-server/v2
(Go)
Apr 15, 2025
Dpanel's hard-coded JWT secret leads to remote code execution
Critical
CVE-2025-30206
was published
for
github.com/donknap/dpanel
(Go)
Apr 15, 2025
Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR
Critical
CVE-2025-32445
was published
for
github.com/argoproj/argo-events
(Go)
Apr 14, 2025
Rancher: Restricted Administrator can change Administrator's passwords
Critical
CVE-2025-23391
was published
for
github.com/rancher/rancher
(Go)
Apr 1, 2025
Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input
Critical
CVE-2025-30223
was published
for
github.com/beego/beego
(Go)
Mar 31, 2025
ingress-nginx admission controller RCE escalation
Critical
CVE-2025-1974
was published
for
k8s.io/ingress-nginx
(Go)
Mar 25, 2025
kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
Critical
CVE-2025-29922
was published
for
github.com/kcp-dev/kcp
(Go)
Mar 20, 2025
cheqd-node Security patch for upstream vulnerabilities in IBC-Go (ISA-2025-001) and Cosmos SDK (ISA-2025-002)
Critical
GHSA-h2rp-8vpx-q9r4
was published
for
github.com/cheqd/cheqd-node
(Go)
Mar 13, 2025
cheqd-node affected by Non-deterministic JSON Unmarshalling of IBC Acknowledgement
Critical
GHSA-33cr-m232-xqch
was published
for
github.com/cheqd/cheqd-node
(Go)
Mar 11, 2025
Fleet has SAML authentication vulnerability due to improper SAML response validation
Critical
CVE-2025-27509
was published
for
github.com/fleetdm/fleet/v4
(Go)
Mar 6, 2025
IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations
Critical
CVE-2025-27507
was published
for
github.com/zitadel/zitadel
(Go)
Mar 4, 2025
IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement
Critical
GHSA-jg6f-48ff-5xrw
was published
for
github.com/cosmos/ibc-go
(Go)
Feb 28, 2025
WhoDB has a path traversal opening Sqlite3 database
Critical
CVE-2025-24786
was published
for
github.com/clidey/whodb/core
(Go)
Feb 6, 2025
go-git has an Argument Injection via the URL field
Critical
CVE-2025-21613
was published
for
github.com/go-git/go-git/v5
(Go)
Jan 6, 2025
Gogs has an argument Injection in the built-in SSH server
Critical
CVE-2024-39930
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Gogs allows argument injection during the previewing of changes
Critical
CVE-2024-39932
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Gogs allows deletion of internal files
Critical
CVE-2024-39931
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
GoCast OS Command Injection vulnerability
Critical
CVE-2024-28892
was published
for
github.com/mayuresh82/gocast
(Go)
Dec 20, 2024
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Critical
CVE-2024-45337
was published
for
golang.org/x/crypto
(Go)
Dec 11, 2024
ProTip!
Advisories are also available from the
GraphQL API