GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
333 advisories
Filter by severity
SpiceDB WriteRelationships fails silently if payload is too big
Low
CVE-2025-64529
was published
for
github.com/authzed/spicedb
(Go)
Nov 13, 2025
Mattermost Incorrect Authorization vulnerability
Low
CVE-2025-11777
was published
for
github.com/mattermost/mattermost
(Go)
Nov 13, 2025
OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses
Low
GHSA-w2jf-268q-mrvh
was published
for
github.com/opentofu/opentofu
(Go)
Nov 6, 2025
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability
Low
CVE-2025-61581
was published
for
github.com/apache/trafficcontrol/v8
(Go)
Oct 16, 2025
Mattermost has an Incorrect Authorization vulnerability
Low
CVE-2025-10545
was published
for
github.com/mattermost/mattermost-server
(Go)
Oct 16, 2025
Mattermost has an Observable Timing Discrepancy vulnerability
Low
CVE-2025-54499
was published
for
github.com/mattermost/mattermost-server
(Go)
Oct 16, 2025
vet MCP Server SSE Transport DNS Rebinding Vulnerability
Low
CVE-2025-59163
was published
for
github.com/safedep/vet
(Go)
Sep 29, 2025
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace
Low
GHSA-q6hv-wcjr-wp8h
was published
for
github.com/kcp-dev/kcp
(Go)
Sep 26, 2025
Omni Wireguard SideroLink potential escape
Low
CVE-2025-59824
was published
for
github.com/siderolabs/omni
(Go)
Sep 24, 2025
Mattermost boards plugin fails to restrict download access to files
Low
CVE-2025-9081
was published
for
github.com/mattermost/mattermost-plugin-boards
(Go)
Sep 19, 2025
Dragonfly's directories created via os.MkdirAll are not checked for permissions
Low
CVE-2025-59349
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 17, 2025
Mattermost Open Redirect vulnerability
Low
CVE-2025-9084
was published
for
github.com/mattermost/mattermost-server
(Go)
Sep 15, 2025
Atlantis Exposes Service Version Publicly on /status API Endpoint
Low
CVE-2025-58445
was published
for
github.com/runatlantis/atlantis
(Go)
Sep 5, 2025
Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token
Low
GHSA-3rw9-wmc8-8948
was published
for
github.com/coder/coder/v2
(Go)
Aug 28, 2025
Mattermost Fails to Properly Validate Team Role Modification
Low
CVE-2025-53971
was published
for
github.com/mattermost/mattermost-server
(Go)
Aug 21, 2025
Mattermost Lack of Access Control Validation
Low
CVE-2025-49810
was published
for
github.com/mattermost/mattermost-server
(Go)
Aug 21, 2025
Mattermost Server SSRF Vulnerability via the Agents Plugin
Low
CVE-2025-47700
was published
for
github.com/mattermost/mattermost-server
(Go)
Aug 21, 2025
Mattermost Confluence Plugin has Missing Authorization vulnerability
Low
CVE-2025-53857
was published
for
github.com/mattermost/mattermost-plugin-confluence
(Go)
Aug 11, 2025
Mattermost Confluence Plugin has Missing Authorization vulnerability
Low
CVE-2025-49221
was published
for
github.com/mattermost/mattermost-plugin-confluence
(Go)
Aug 11, 2025
OpenBao has a Timing Side-Channel in the Userpass Auth Method
Low
CVE-2025-54999
was published
for
github.com/openbao/openbao
(Go)
Aug 8, 2025
Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors
Low
GHSA-vh9x-phq6-fx54
was published
for
github.com/rs/cors
(Go)
Aug 6, 2025
•
withdrawn
github.com/go-acme/lego/v4/acme/api does not enforce HTTPS
Low
CVE-2025-54799
was published
for
github.com/go-acme/lego
(Go)
Aug 6, 2025
Duplicate Advisory: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results
Low
GHSA-522r-9946-fw43
was published
for
github.com/cloudflare/circl
(Go)
Aug 6, 2025
•
withdrawn
Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users
Low
CVE-2025-6011
was published
for
github.com/hashicorp/vault
(Go)
Aug 1, 2025
Moby firewalld reload removes bridge network isolation
Low
CVE-2025-54410
was published
for
github.com/docker/docker
(Go)
Jul 29, 2025
ProTip!
Advisories are also available from the
GraphQL API