Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,652
Erlang
34
GitHub Actions
26
Go
2,257
Maven
5,000+
npm
3,909
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,257 advisories

Loading
Kubernetes did not effectively clear service account credentials High
CVE-2019-11243 was published for k8s.io/kubernetes (Go) May 24, 2022
awsactran
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security Moderate
CVE-2024-21494 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Mattermost Playbooks fails to properly validate permissions Low
CVE-2025-41423 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type Moderate
CVE-2025-41395 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
Mattermost Playbooks fails to validate the uniqueness and quantity of task actions Moderate
CVE-2025-35965 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
NATS Server may fail to authorize certain Jetstream admin APIs Critical
CVE-2025-30215 was published for github.com/nats-io/nats-server/v2 (Go) Apr 15, 2025
zarqman
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS Moderate
CVE-2025-32963 was published for github.com/minio/operator (Go) Apr 21, 2025
bburky pjuarezd
Mattermost doesn't restrict domains LLM can request to contact upstream Low
CVE-2025-31363 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Mattermost vulnerable to Observable Timing Discrepancy Moderate
CVE-2025-27936 was published for github.com/mattermost/mattermost-plugin-msteams (Go) Apr 16, 2025
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-27571 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
kbsteere
Mattermost Missing Authentication for Critical Function Low
CVE-2025-27538 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-24839 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Kyverno vulnerable to SSRF via Service Calls High
GHSA-459x-q9hg-4gpq was published for github.com/kyverno/kyverno (Go) Apr 15, 2025
r0binak
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-2424 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 14, 2025
Dpanel's hard-coded JWT secret leads to remote code execution Critical
CVE-2025-30206 was published for github.com/donknap/dpanel (Go) Apr 15, 2025
NS-Sp4ce
Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm Moderate
CVE-2025-2475 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 14, 2025
kbsteere
Mattermost Fails to Restrict Certain Operations on System Admins Moderate
CVE-2025-32093 was published for github.com/mattermost/mattermost-server (Go) Apr 14, 2025
Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR Critical
CVE-2025-32445 was published for github.com/argoproj/argo-events (Go) Apr 14, 2025
thevilledev
CVE-2025-1386- Query smuggling in ch-go library Moderate
CVE-2025-1386 was published for github.com/ClickHouse/ch-go (Go) Apr 12, 2025
Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint Low
CVE-2025-24866 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 10, 2025
gorilla/csrf CSRF vulnerability due to broken Referer validation Moderate
CVE-2025-24358 was published for github.com/gorilla/csrf (Go) Apr 14, 2025
patrickod
csaf-poc/csaf_distribution Cross-site Scripting vulnerability Moderate
CVE-2022-43996 was published for github.com/csaf-poc/csaf_distribution (Go) Dec 14, 2022
tdunlap607
Dragonfly2 has hard coded cyptographic key Critical
CVE-2023-27584 was published for d7y.io/dragonfly/v2 (Go) Sep 19, 2024
cokeBeer
uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries Moderate
GHSA-pmc3-p9hx-jq96 was published for github.com/refraction-networking/utls (Go) Apr 23, 2025
In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters Moderate
CVE-2025-32793 was published for github.com/cilium/cilium (Go) Apr 21, 2025
julianwiedmann
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database