Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
Instance config inline secret exposure in Grafana Moderate
CVE-2021-41090 was published for github.com/grafana/agent (Go) Dec 8, 2021
Grafana information disclosure High
CVE-2020-12458 was published for github.com/grafana/grafana (Go) May 24, 2022
Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials Critical
CVE-2021-36782 was published for github.com/rancher/rancher (Go) Sep 23, 2022
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects High
CVE-2022-43757 was published for github.com/rancher/rancher (Go) Jan 25, 2023
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured High
CVE-2023-0690 was published for github.com/hashicorp/boundary (Go) Jul 6, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
lakeFS logs S3 credentials in plain text High
GHSA-4rgc-5g6r-2rjf was published for github.com/treeverse/lakefs (Go) Dec 12, 2023
Mattermost doesn't redact remote users' original email addresses Moderate
CVE-2024-32939 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
GoPhish sends cleartext passwords High
CVE-2024-55196 was published for github.com/gophish/gophish (Go) Dec 19, 2024
Navidrome Stores JWT Secret in Plaintext in navidrome.db High
CVE-2024-56362 was published for github.com/navidrome/navidrome (Go) Dec 23, 2024
saisathvik1
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database