GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,150 advisories

CRI-O Path Traversal vulnerability Moderate
CVE-2025-0750 was published for github.com/cri-o/cri-o (Go) Jan 28, 2025
imgproxy is vulnerable to SSRF against 0.0.0.0 Moderate
CVE-2025-24354 was published for github.com/imgproxy/imgproxy (Go) Jan 27, 2025
phannguyenlong Benasin
benaubin
Updatecli exposes Maven credentials in console output High
CVE-2025-24355 was published for github.com/updatecli/updatecli (Go) Jan 24, 2025
gionn olblak
Envoy Admin Interface Exposed through prometheus metrics endpoint High
CVE-2025-24030 was published for github.com/envoyproxy/gateway (Go) Jan 23, 2025
guydc
Cilium has an information leakage via insecure default Hubble UI CORS header Moderate
CVE-2025-23047 was published for github.com/cilium/cilium (Go) Jan 22, 2025
DoS in Cilium agent DNS proxy from crafted DNS responses Moderate
CVE-2025-23028 was published for github.com/cilium/cilium (Go) Jan 22, 2025
bimmlerd kokelley-cisco
Buildah allows build breakout using malicious Containerfiles and concurrent builds High
CVE-2024-11218 was published for github.com/containers/buildah (Go) Jan 21, 2025
eriksjolund
Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop Moderate
CVE-2024-10846 was published for github.com/compose-spec/compose-go/v2 (Go) Jan 21, 2025
ahollmann idsulik
thaJeztah glours gbrindisi
HashiCorp go-slug Vulnerable to Zip Slip Attack High
CVE-2025-0377 was published for github.com/hashicorp/go-slug (Go) Jan 21, 2025
Insecure default config access in WriteFreely High
CVE-2025-24337 was published for github.com/writefreely/writefreely (Go) Jan 20, 2025
Zot IdP group membership revocation ignored High
CVE-2025-23208 was published for zotregistry.dev/zot (Go) Jan 17, 2025
jeff-mccoy
Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation Moderate
CVE-2024-52594 was published for github.com/matrix-org/gomatrixserverlib (Go) Jan 16, 2025
Mattermost webapp crash via a crafted post Moderate
CVE-2025-20621 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 16, 2025
Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders Moderate
CVE-2024-56515 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
Matrix Media Repo (MMR) allows Server-Side Request Forgery (SSRF) on redirects and federation Moderate
CVE-2024-52602 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
S7evinK
matrix-media-repo (MMR) allows a denial of service through memory exhaustion Moderate
CVE-2024-52791 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
matrix-media-repo (MMR) allows denial of service/high operating costs through unauthenticated downloads Moderate
CVE-2024-36403 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content Moderate
CVE-2024-36402 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
CVE-2024-5138: snapd snapctl auth bypass Moderate
CVE-2024-5138 was published for github.com/snapcore/snapd (Go) Jan 16, 2025
rmcnamara-snyk
Mattermost fails to properly validate post props Moderate
CVE-2025-20088 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 15, 2025
Mattermost fails to properly validate post props Moderate
CVE-2025-20086 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 15, 2025
Mattermost Incorrect Type Conversion or Cast Moderate
CVE-2025-21088 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 15, 2025
Rancher UI has Stored Cross-site Scripting vulnerability High
CVE-2024-52281 was published for github.com/rancher/rancher (Go) Jan 14, 2025
Git LFS permits exfiltration of credentials via crafted HTTP URLs High
CVE-2024-53263 was published for github.com/git-lfs/git-lfs (Go) Jan 14, 2025
Ry0taK
OpenFGA Authorization Bypass Moderate
CVE-2024-56323 was published for github.com/openfga/openfga (Go) Jan 13, 2025
miparnisari
ProTip! Advisories are also available from the GraphQL API