GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
223 advisories
Filter by severity
GoCast OS Command Injection vulnerability
Critical
CVE-2024-28892
was published
for
github.com/mayuresh82/gocast
(Go)
Dec 20, 2024
SQL injection in Apache Traffic Control
Critical
CVE-2024-45387
was published
for
github.com/apache/trafficcontrol/v8
(Go)
Dec 23, 2024
Gogs has an argument Injection in the built-in SSH server
Critical
CVE-2024-39930
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Gogs allows argument injection during the previewing of changes
Critical
CVE-2024-39932
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Gogs allows deletion of internal files
Critical
CVE-2024-39931
was published
for
gogs.io/gogs
(Go)
Dec 23, 2024
Duplicate Advisory: github.com/gogs/gogs affected by CVE-2024-39930
Critical
GHSA-p69r-v3h4-rj4f
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
•
withdrawn
Duplicate Advisory: Gogs allows argument injection during the previewing of changes
Critical
GHSA-hf29-9hfh-w63j
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
•
withdrawn
Duplicate Advisory: Gogs allows deletion of internal files
Critical
GHSA-2vgj-3pvg-xh4w
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
•
withdrawn
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Critical
CVE-2024-45337
was published
for
golang.org/x/crypto
(Go)
Dec 11, 2024
CasaOS contains weak JWT secrets
Critical
CVE-2023-37266
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Jul 17, 2023
CasaOS Gateway vulnerable to incorrect identification of source IP addresses
Critical
CVE-2023-37265
was published
for
github.com/IceWhaleTech/CasaOS-Gateway
(Go)
Jul 17, 2023
Grafana plugin SDK Information Leakage
Critical
CVE-2024-8986
was published
for
github.com/grafana/grafana-plugin-sdk-go
(Go)
Sep 19, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
Critical
CVE-2024-42490
was published
for
goauthentik.io
(Go)
Aug 22, 2024
RBAC Roles for `etcd` created by Kamaji are not disjunct
Critical
CVE-2024-42480
was published
for
github.com/clastix/kamaji
(Go)
Aug 12, 2024
CasaOS Command Injection vulnerability
Critical
CVE-2023-37469
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Aug 5, 2024
rudder-server is vulnerable to SQL injection
Critical
CVE-2023-30625
was published
for
github.com/rudderlabs/rudder-server
(Go)
Aug 5, 2024
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel
Critical
CVE-2024-39274
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows unsolicited invites to expose access to local channels
Critical
CVE-2024-39777
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
fabedge has insecure permissions
Critical
CVE-2024-36536
was published
for
github.com/fabedge/fabedge
(Go)
Jul 24, 2024
snapd Race Condition vulnerability
Critical
CVE-2022-3328
was published
for
github.com/snapcore/snapd
(Go)
Jan 8, 2024
Silver vulnerable to MitM attack against implants due to a cryptography vulnerability
Critical
CVE-2023-34758
was published
for
github.com/bishopfox/sliver
(Go)
Jun 21, 2023
VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder
Critical
CVE-2024-9486
was published
for
github.com/kubernetes-sigs/image-builder
(Go)
Oct 15, 2024
Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers
Critical
GHSA-rc7v-65v6-m2v3
was published
for
github.com/go-mysql-org/go-mysql
(Go)
Oct 28, 2024
•
withdrawn
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Critical
CVE-2024-51735
was published
for
github.com/j3ssie/osmedeus
(Go)
Nov 5, 2024
ProTip!
Advisories are also available from the
GraphQL API