GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
913 advisories
Filter by severity
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
Moderate
CVE-2024-53858
was published
for
github.com/cli/cli/v2
(Go)
Nov 27, 2024
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace
Moderate
CVE-2024-53859
was published
for
github.com/cli/go-gh/v2
(Go)
Nov 27, 2024
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access
Moderate
CVE-2024-8676
was published
for
github.com/cri-o/cri-o
(Go)
Nov 26, 2024
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
Moderate
CVE-2024-43784
was published
for
github.com/treeverse/lakefs
(Go)
Nov 26, 2024
Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges
Moderate
CVE-2024-52529
was published
for
github.com/cilium/cilium
(Go)
Nov 25, 2024
OpenShift Console Server Side Request Forgery vulnerability
Moderate
CVE-2024-6538
was published
for
github.com/openshift/console
(Go)
Nov 25, 2024
SFTPGo allows administrators to restrict command execution from the EventManager
Moderate
CVE-2024-52309
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Nov 21, 2024
cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs
Moderate
GHSA-r4pg-vg54-wxx4
was published
for
github.com/cert-manager/cert-manager
(Go)
Nov 20, 2024
Rancher Helm Applications may have sensitive values leaked
Moderate
CVE-2024-52282
was published
for
github.com/rancher/rancher
(Go)
Nov 20, 2024
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
Moderate
CVE-2024-52522
was published
for
github.com/rclone/rclone
(Go)
Nov 19, 2024
Stored XSS using two files in usememos/memos
Moderate
CVE-2023-0109
was published
for
github.com/usememos/memos
(Go)
Nov 15, 2024
Hashicorp Nomad Incorrect Authorization vulnerability
Moderate
CVE-2024-10975
was published
for
github.com/hashicorp/nomad
(Go)
Nov 7, 2024
Safearchive Path Traversal vulnerability
Moderate
CVE-2024-10389
was published
for
github.com/google/safearchive
(Go)
Nov 4, 2024
Gnark out-of-memory during deserialization with crafted inputs
Moderate
CVE-2024-50354
was published
for
github.com/consensys/gnark
(Go)
Oct 31, 2024
Hashicorp Consul Cross-site Scripting vulnerability
Moderate
CVE-2024-10086
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Moderate
CVE-2024-10006
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
Moderate
CVE-2024-0133
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Oct 29, 2024
Mattermost Server vulnerable to application crash from attacker-generated large response
Moderate
CVE-2024-47401
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Mattermost server allows authenticated user to delete arbitrary post
Moderate
CVE-2024-50052
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery
Moderate
CVE-2024-46872
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Mattermost Server allows user to get private channel names
Moderate
CVE-2024-10241
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect')
Moderate
GHSA-wcx9-ccpj-hx3c
was published
for
github.com/coder/coder/v2
(Go)
Oct 28, 2024
Argo Workflows Controller: Denial of Service via malicious daemon Workflows
Moderate
CVE-2024-47827
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Oct 28, 2024
Denied Host Validation Bypass in Zitadel Actions
Moderate
CVE-2024-49753
was published
for
github.com/zitadel/zitadel
(Go)
Oct 25, 2024
Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse
Moderate
CVE-2023-26248
was published
for
github.com/libp2p/go-libp2p-kad-dht
(Go)
Oct 25, 2024
ProTip!
Advisories are also available from the
GraphQL API