GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,150 advisories

notation-go's timestamp signature generation lacks certificate revocation check Moderate
CVE-2024-56138 was published for github.com/notaryproject/notation-go (Go) Jan 13, 2025
Faeris95
notation-go has an OS error when setting CRL cache leads to denial of signature verification Low
CVE-2024-51491 was published for github.com/notaryproject/notation-go (Go) Jan 13, 2025
Faeris95 JeyJeyGao
shizhMSFT
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh Low
CVE-2025-22149 was published for github.com/MicahParks/jwkset (Go) Jan 9, 2025
rohitkoul
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-22449 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 9, 2025
stevebeattie
Mattermost has Improper Check for Unusual or Exceptional Conditions Low
CVE-2025-22445 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 9, 2025
Mattermost Improper Validation of Specified Type of Input vulnerability Moderate
CVE-2025-20033 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 9, 2025
Soft Serve vulnerable to path traversal attacks Moderate
CVE-2025-22130 was published for github.com/charmbracelet/soft-serve (Go) Jan 8, 2025
WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover High
GHSA-2r2v-9pf8-6342 was published for github.com/h44z/wg-portal (Go) Jan 7, 2025
Ry0taK
go-git clients vulnerable to DoS via maliciously crafted Git server replies High
CVE-2025-21614 was published for github.com/go-git/go-git (Go) Jan 6, 2025
bdilalu
go-git has an Argument Injection via the URL field Critical
CVE-2025-21613 was published for github.com/go-git/go-git/v5 (Go) Jan 6, 2025
vin01
SiYuan has an arbitrary file deletion vulnerability High
CVE-2025-21609 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 3, 2025
N0el4kLs
Karmada Tar Slips in CRDs archive extraction Moderate
CVE-2024-56514 was published for github.com/karmada-io/karmada (Go) Jan 3, 2025
zhzhuang-zju RainbowMango
TheZ3ro suidpit
Karmada PULL Mode Cluster Privilege Escalation High
CVE-2024-56513 was published for github.com/karmada-io/karmada (Go) Jan 3, 2025
zhzhuang-zju RainbowMango
suidpit TheZ3ro
OpenShift Hive RCE through AWS/Kubernetes client configuration leads to privilege escalation High
CVE-2024-25133 was published for github.com/openshift/hive (Go) Dec 31, 2024
Gogs has an argument Injection in the built-in SSH server Critical
CVE-2024-39930 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
Gogs allows argument injection during the previewing of changes Critical
CVE-2024-39932 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
Gogs allows deletion of internal files Critical
CVE-2024-39931 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
Gogs allows argument Injection when tagging new releases High
CVE-2024-39933 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
Navidrome Stores JWT Secret in Plaintext in navidrome.db High
CVE-2024-56362 was published for github.com/navidrome/navidrome (Go) Dec 23, 2024
saisathvik1
SQL injection in Apache Traffic Control High
CVE-2024-45387 was published for github.com/apache/trafficcontrol/v8 (Go) Dec 23, 2024
Path Traversal in file update API in gogs High
CVE-2024-55947 was published for gogs.io/gogs (Go) Dec 23, 2024
ManassehZhou
Remote Command Execution in file editing in gogs High
CVE-2024-54148 was published for gogs.io/gogs (Go) Dec 23, 2024
ManassehZhou
GoCast OS Command Injection vulnerability Critical
CVE-2024-28892 was published for github.com/mayuresh82/gocast (Go) Dec 20, 2024
Malayke
Hashicorp Nomad Incorrect Privilege Assignment vulnerability Moderate
CVE-2024-12678 was published for github.com/hashicorp/nomad (Go) Dec 20, 2024
GoPhish sends cleartext passwords High
CVE-2024-55196 was published for github.com/gophish/gophish (Go) Dec 19, 2024