GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
141 advisories
Filter by severity
Etcd pkg Insecure ciphers are allowed by default
Low
GHSA-5x4g-q5rc-36jp
was published
for
go.etcd.io/etcd/client/pkg/v3
(Go)
Feb 3, 2024
Apache Answer Race Condition vulnerability
Low
CVE-2023-49619
was published
for
github.com/apache/incubator-answer
(Go)
Jan 10, 2024
The DES/3DES cipher was used as part of the TLS protocol by installation tools
Low
GHSA-7xg2-83f8-39mr
was published
for
github.com/karmada-io/karmada
(Go)
Jan 3, 2024
Mattermost allows demoted guests to change group names
Low
CVE-2023-50333
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Jan 2, 2024
Mattermost Cross-site Scripting vulnerability
Low
CVE-2023-7113
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 29, 2023
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations
Low
GHSA-99jv-8292-2hpm
was published
for
knative.dev/eventing-gitlab
(Go)
Dec 8, 2023
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Low
GHSA-v7hc-87jc-qrrr
was published
for
knative.dev/eventing-github
(Go)
Dec 6, 2023
Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true
Low
GHSA-x9qq-236j-gj97
was published
for
github.com/canonical/lxd
(Go)
Dec 5, 2023
Mattermost Injection vulnerability
Low
CVE-2023-35075
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
gnark's range checker gadget allows wider inputs up to word alignment
Low
GHSA-rjjm-x32p-m3f7
was published
for
github.com/consensys/gnark
(Go)
Nov 12, 2023
slsa-verifier vulnerable to mproper validation of npm's publish attestations
Low
GHSA-r2xv-vpr2-42m9
was published
for
github.com/slsa-framework/slsa-verifier
(Go)
Nov 8, 2023
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Low
CVE-2023-46737
was published
for
github.com/sigstore/cosign
(Go)
Nov 8, 2023
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
Low
CVE-2023-5834
was published
for
github.com/hashicorp/vagrant
(Go)
Oct 28, 2023
Flyte Admin SQL Injection in List Filters
Low
CVE-2023-41891
was published
for
github.com/flyteorg/flyteadmin
(Go)
Oct 27, 2023
Artifact Hub allows unsafe rego built-in
Low
CVE-2023-45822
was published
for
github.com/artifacthub/hub
(Go)
Oct 19, 2023
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results
Low
GHSA-pffg-92cg-xf5c
was published
for
github.com/consensys/gnark-crypto
(Go)
Oct 5, 2023
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation
Low
GHSA-hq58-p9mv-338c
was published
for
github.com/cometbft/cometbft
(Go)
Sep 29, 2023
Mattermost Incorrect Authorization vulnerability
Low
CVE-2023-5193
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Sep 29, 2023
Mattermost Incorrect Authorization vulnerability
Low
CVE-2023-5159
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Sep 29, 2023
Specific Cilium configurations vulnerable to DoS via Kubernetes annotations
Low
CVE-2023-41332
was published
for
github.com/cilium/cilium
(Go)
Sep 27, 2023
Crash when processing crafted TIFF files
Low
CVE-2023-36308
was published
for
github.com/disintegration/imaging
(Go)
Sep 5, 2023
Mattermost fails to correctly delete attachments
Low
CVE-2023-4105
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Denial of service from large image
Low
CVE-2023-37900
was published
for
github.com/crossplane/crossplane
(Go)
Jul 28, 2023
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Low
CVE-2023-3299
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Pipelines do not validate child UIDs
Low
CVE-2023-37264
was published
for
github.com/tektoncd/pipeline
(Go)
Jul 7, 2023
ProTip!
Advisories are also available from the
GraphQL API