GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,556
Maven
5,000+
npm
4,228
NuGet
747
pip
4,000
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+
2,556 advisories
Filter by severity
Casdoor is vulnerable to Improper Authorization
High
CVE-2025-61524
was published
for
github.com/casdoor/casdoor
(Go)
Oct 8, 2025
CometBFT's invalid BitArray handling can lead to network halt
High
GHSA-hrhf-2vcr-ghch
was published
for
github.com/cometbft/cometbft
(Go)
Oct 14, 2025
Withdrawn Advisory: Infinite loop in xz
High
CVE-2020-16845
was published
for
github.com/ulikunitz/xz
(Go)
Dec 16, 2021
•
withdrawn
Argo Workflow may expose artifact repository credentials
High
CVE-2025-62157
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Oct 14, 2025
Argo Workflow has a Zipslip Vulnerability
High
CVE-2025-62156
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Oct 14, 2025
Omni is Vulnerable to DoS via Empty Create/Update Resource Requests
Moderate
CVE-2025-59836
was published
for
github.com/siderolabs/omni
(Go)
Oct 13, 2025
Omni vulnerable to information leak via API
High
CVE-2025-61688
was published
for
github.com/siderolabs/omni
(Go)
Oct 13, 2025
Velociraptor vulnerable to privilege escalation via UpdateConfig artifact
Moderate
CVE-2025-6264
was published
for
www.velocidex.com/golang/velociraptor
(Go)
Jun 20, 2025
quic-go: Panic occurs when queuing undecryptable packets after handshake completion
High
CVE-2025-59530
was published
for
github.com/quic-go/quic-go
(Go)
Oct 10, 2025
chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes
Moderate
GHSA-vrw8-fxc6-2r93
was published
for
github.com/go-chi/chi/v5
(Go)
Jun 20, 2025
Grafana path traversal
High
CVE-2021-43798
was published
for
github.com/grafana/grafana
(Go)
Feb 1, 2024
Coder AgentAPI exposed user chat history via a DNS rebinding attack
Moderate
CVE-2025-59956
was published
for
github.com/coder/agentapi
(Go)
Sep 29, 2025
Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate
CVE-2024-45244
was published
for
github.com/hyperledger/fabric
(Go)
Aug 25, 2024
rardecode: DoS risk due to unrestricted RAR dictionary sizes
Moderate
CVE-2025-11579
was published
for
github.com/nwaples/rardecode/v2
(Go)
Oct 10, 2025
Parallax is vulnerable to DoS via malicious p2p message
High
GHSA-xc79-566c-j4qx
was published
for
github.com/microstack-tech/parallax
(Go)
Oct 10, 2025
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
Moderate
CVE-2025-61926
was published
for
github.com/ossf/allstar
(Go)
Oct 10, 2025
gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm
High
CVE-2025-58157
was published
for
github.com/consensys/gnark
(Go)
Aug 29, 2025
Nil dereference in NATS JWT, DoS of nats-server
High
CVE-2020-26521
was published
for
github.com/nats-io/jwt
(Go)
Feb 11, 2022
Nil dereference in NATS JWT causing DoS of nats-server
High
GHSA-hmm9-r2m2-qg9w
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
Incorrect handling of credential expiry by /nats-io/nats-server
High
GHSA-2c64-vj8g-vwrq
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
Incorrect handling of credential expiry by /nats-io/nats-server
Critical
CVE-2020-26892
was published
for
github.com/nats-io/jwt
(Go)
Feb 11, 2022
github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks
High
CVE-2025-61595
was published
for
github.com/MANTRA-Chain/mantrachain
(Go)
Sep 30, 2025
Canonical LXD CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI
High
CVE-2025-54286
was published
for
github.com/canonical/lxd
(Go)
Oct 2, 2025
Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns
High
CVE-2025-54287
was published
for
github.com/lxc/lxd
(Go)
Oct 2, 2025
ProTip!
Advisories are also available from the
GraphQL API