Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

144 advisories

Loading
`docker cp` allows unexpected chmod of host files in Moby Docker Engine Low
CVE-2021-41089 was published for github.com/docker/docker (Go) Jun 10, 2024
LevanaXr ssst0n3
evmos allows transferring unvested tokens after delegations Low
CVE-2024-32873 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
SQL Injection in Harbor scan log API Low
CVE-2024-22261 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
github.com/huandu/facebook may expose access_token in error message. Low
CVE-2024-35232 was published for github.com/huandu/facebook/v2 (Go) May 24, 2024
seiyab
github.com/bincyber/go-sqlcrypter vulnerable to IV collision Low
GHSA-2j6r-9vv4-6gf5 was published for github.com/bincyber/go-sqlcrypter (Go) May 20, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources Low
CVE-2022-21673 was published for github.com/grafana/grafana (Go) May 14, 2024
mxalis
containerd started with non-empty inheritable Linux process capabilities Low
GHSA-c9cp-9c75-9v8c was published for github.com/containerd/containerd (Go) May 14, 2024
NATS server TLS missing ciphersuite settings when CLI flags used Low
CVE-2021-32026 was published for github.com/nats-io/nats-server/v2 (Go) May 14, 2024
lukas-braune
sshproxy vulnerable to SSH option injection Low
CVE-2024-34713 was published for github.com/cea-hpc/sshproxy (Go) May 14, 2024
fdiakh
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage Low
CVE-2024-34079 was published for github.com/octo-sts/app (Go) May 13, 2024
enj
Mattermost allows team admins to promote guests to team admins Low
CVE-2024-4195 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Mattermost fails to fully validate role changes Low
CVE-2024-4198 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Mattermost fails to limit the size of a request path Low
CVE-2024-22091 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin Low
CVE-2024-3177 was published for k8s.io/kubernetes (Go) Apr 23, 2024
Authelia's Group Changes may not have the expected results (YAML file backend) Low
GHSA-x883-2vmg-xwf7 was published for github.com/authelia/authelia/v4 (Go) Apr 22, 2024
ezrizhu
1Panel's password verification is suspected to have a timing attack vulnerability Low
CVE-2024-30257 was published for github.com/1Panel-dev/1Panel (Go) Apr 18, 2024
SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used Low
CVE-2024-32001 was published for github.com/authzed/spicedb (Go) Apr 10, 2024
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output Low
GHSA-j5vm-7qcc-2wwg was published for github.com/kopia/kopia (Go) Apr 10, 2024
Mattermost Server Improper Access Control Low
CVE-2024-21848 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
Mattermost race condition Low
CVE-2024-1949 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost incorrectly allows access individual posts Low
CVE-2024-1952 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost fails to properly restrict the access of files attached to posts Low
CVE-2024-23488 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
ASA-2024-004: Default configuration param for Evidence may limit window of validity Low
GHSA-555p-m4v6-cqxv was published for github.com/cometbft/cometbft (Go) Feb 28, 2024
ASA-2024-005: Potential slashing evasion during re-delegation Low
GHSA-86h5-xcpx-cfqc was published for github.com/cosmos/cosmos-sdk (Go) Feb 27, 2024
Mattermost fails to check the required permissions Low
CVE-2024-24776 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database