GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges
Moderate
CVE-2024-52529
was published
for
github.com/cilium/cilium
(Go)
Nov 25, 2024
Mattermost server allows authenticated user to delete arbitrary post
Moderate
CVE-2024-50052
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Nomad Search API Leaks Information About CSI Plugins
Moderate
CVE-2023-3300
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Nomad ACL Policies without Label are Applied to Unexpected Resources
Moderate
CVE-2023-3072
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
HashiCorp Consul does not properly validate node or segment names prior to usage in JWT claim assertions
High
CVE-2021-41803
was published
for
github.com/hashicorp/consul
(Go)
Sep 25, 2022
Pebble service manager's file pull API allows access by any user
Moderate
CVE-2024-3250
was published
for
github.com/canonical/pebble
(Go)
Apr 5, 2024
1Panel arbitrary file write vulnerability
High
CVE-2023-39966
was published
for
github.com/1Panel-dev/1Panel
(Go)
Aug 10, 2023
Answer Missing Authorization vulnerability
Low
CVE-2023-2590
was published
for
github.com/answerdev/answer
(Go)
May 9, 2023
Duplicate Advisory: Grafana Improper Access Control vulnerability
Moderate
GHSA-wm7r-3qxj-5xgq
was published
for
github.com/grafana/grafana
(Go)
Jun 6, 2023
•
withdrawn
Answer Missing Authorization vulnerability
High
CVE-2023-4124
was published
for
github.com/answerdev/answer
(Go)
Aug 3, 2023
Mattermost fails to correctly delete attachments
Low
CVE-2023-4105
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Mattermost fails to check if user is a guest before performing actions on public playbooks
Moderate
CVE-2023-4106
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Sealos billing system permission control defect
High
CVE-2023-36815
was published
for
github.com/labring/sealos
(Go)
Jun 30, 2023
Mattermost Server Missing Authorization vulnerability
Moderate
CVE-2023-2783
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Jun 16, 2023
Authenticated users can exploit an enumeration vulnerability in Harbor
Moderate
CVE-2020-13794
was published
for
github.com/goharbor/harbor
(Go)
May 24, 2021
Reject unauthorized access with GitHub PATs
High
CVE-2021-21432
was published
for
github.com/go-vela/server
(Go)
Feb 15, 2022
Missing Authorization in Harbor
Moderate
CVE-2019-16097
was published
for
github.com/goharbor/harbor
(Go)
Feb 15, 2022
Kubernetes Privilege Escalation
Critical
CVE-2017-1000056
was published
for
k8s.io/kubernetes
(Go)
May 12, 2021
KubePi may allow unauthorized access to system API
High
CVE-2023-22478
was published
for
github.com/KubeOperator/kubepi
(Go)
Jan 9, 2023
Mattermost Server Sensitive Data Exposure
Moderate
CVE-2020-14457
was published
for
github.com/mattermost/mattermost
(Go)
May 24, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical
CVE-2022-39222
was published
for
github.com/dexidp/dex
(Go)
Oct 3, 2022
Gogs vulnerable to improper PAM authorization handling
High
CVE-2022-0871
was published
for
gogs.io/gogs
(Go)
Mar 14, 2022
Duplicate Advisory: Improper Authorization in Gogs
High
GHSA-65f3-3278-7m65
was published
for
gogs.io/gogs
(Go)
Mar 12, 2022
•
withdrawn
Gitea Missing Authorization vulnerability
High
CVE-2022-0905
was published
for
code.gitea.io/gitea
(Go)
Mar 11, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint
Moderate
CVE-2022-39340
was published
for
github.com/openfga/openfga
(Go)
Oct 25, 2022
ProTip!
Advisories are also available from the
GraphQL API