Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,325
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,223 advisories

Loading
step-ca Has Improper Authorization Check for SSH Certificate Revocation Moderate
CVE-2025-66406 was published for github.com/smallstep/certificates (Go) Dec 3, 2025
Apptainer ineffectively applies selinux and apparmor --security options Moderate
CVE-2025-65105 was published for github.com/apptainer/apptainer (Go) Dec 2, 2025
dtrudg
Credited to dtrudg
Singluarity ineffectively applies selinux / apparmor LSM process labels Moderate
CVE-2025-64750 was published for github.com/sylabs/singularity/v4 (Go) Dec 2, 2025
Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes Moderate
CVE-2025-10543 was published for github.com/eclipse/paho.mqtt.golang (Go) Dec 2, 2025
Mattermost fails to validate user permissions when deleting comments in Boards Moderate
CVE-2025-12756 was published for github.com/mattermost/mattermost (Go) Dec 1, 2025
Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic Moderate
CVE-2025-64715 was published for Ciliumgithub.com/cilium/cilium (Go) Dec 1, 2025
SeanEmac fristonio
Credited to SeanEmac and fristonio
Mattermost fails to sanitize team email addresses Moderate
CVE-2025-12559 was published for github.com/mattermost/mattermost-server (Go) Nov 27, 2025
Babylon's BIP322 signature implementation is not fully compliant to the spec Moderate
GHSA-xq4h-wqm2-668w was published for github.com/babylonlabs-io/babylon/v4 (Go) Nov 24, 2025
Free5GC is vulnerable to DoS through its Npcf_BDTPolicyControl POST API Moderate
CVE-2025-60632 was published for github.com/free5gc/pcf (Go) Nov 24, 2025
Free5GC is vulnerable to DoS via the Nudm_SubscriberDataManagement API Moderate
CVE-2025-60633 was published for github.com/free5gc/openapi (Go) Nov 24, 2025
OpenFGA Improper Policy Enforcement Moderate
CVE-2025-64751 was published for github.com/openfga/openfga (Go) Nov 20, 2025
golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read Moderate
CVE-2025-47914 was published for golang.org/x/crypto (Go) Nov 19, 2025
leonklingele
Credited to leonklingele
golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption Moderate
CVE-2025-58181 was published for golang.org/x/crypto (Go) Nov 19, 2025
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript Moderate
CVE-2025-65026 was published for github.com/esm-dev/esm.sh (Go) Nov 19, 2025
pyozzi-toss
Credited to pyozzi-toss
authentik's invitation expiry is delayed by at least 5 minutes Moderate
CVE-2025-64708 was published for goauthentik.io (Go) Nov 19, 2025
melizeche
Credited to melizeche
authentik allows a deactivated Service account to authenticate to OAuth Moderate
CVE-2025-64521 was published for goauthentik.io (Go) Nov 19, 2025
Mattermost allows system administrators to access password hashes and MFA secrets Moderate
CVE-2025-11794 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
Mattermost fails to properly restrict access to archived channel search API Moderate
CVE-2025-11776 was published for github.com/mattermost/mattermost (Go) Nov 14, 2025
Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL Moderate
CVE-2025-55073 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
Mattermost does not enforce MFA on WebSocket connections Moderate
CVE-2025-55070 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
Soft Serve does not sanitize ANSI escape sequences in user input Moderate
CVE-2025-64494 was published for github.com/charmbracelet/soft-serve (Go) Nov 6, 2025
Tomer-PL caarlos0
Credited to Tomer-PL and caarlos0
KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes Moderate
CVE-2025-64437 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
xpivarc
Credited to mihailkirov, Faeris95, and xpivarc
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes Moderate
CVE-2025-64436 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
xpivarc
Credited to mihailkirov, Faeris95, and xpivarc
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation Moderate
CVE-2025-64435 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing Moderate
CVE-2025-64434 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database