GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
333 advisories
Filter by severity
Apache Answer User Using External Images Potentially Discloses User Information
Low
CVE-2025-29868
was published
for
github.com/apache/answer
(Go)
Apr 1, 2025
Cilium node based network policies may incorrectly allow workload traffic
Low
CVE-2025-30163
was published
for
github.com/cilium/cilium
(Go)
Mar 24, 2025
Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Low
CVE-2025-30162
was published
for
github.com/cilium/cilium
(Go)
Mar 24, 2025
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Low
CVE-2025-45286
was published
for
github.com/mccutchen/go-httpbin
(Go)
Mar 21, 2025
Mattermost fail to prompt for explicit approval before adding a team admin to a private channel
Low
CVE-2025-27715
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Mar 21, 2025
go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
Low
CVE-2025-29923
was published
for
github.com/redis/go-redis/v9
(Go)
Mar 20, 2025
Kubernetes kube-apiserver Vulnerable to Race Condition
Low
CVE-2024-7598
was published
for
k8s.io/kubernetes/cmd/kube-apiserver
(Go)
Mar 20, 2025
Mattermost fails to invalidate all active sessions when converting a user to a bot
Low
CVE-2025-1412
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 24, 2025
Authelia applies regulation separately to Username-based logins to Email-based logins
Low
CVE-2025-24806
was published
for
github.com/authelia/authelia/v4
(Go)
Feb 19, 2025
Unencrypted transmission in Temporal api-go library
Low
CVE-2025-1243
was published
for
go.temporal.io/api
(Go)
Feb 12, 2025
notation-go has an OS error when setting CRL cache leads to denial of signature verification
Low
CVE-2024-51491
was published
for
github.com/notaryproject/notation-go
(Go)
Jan 13, 2025
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
Low
CVE-2025-22149
was published
for
github.com/MicahParks/jwkset
(Go)
Jan 9, 2025
Mattermost has Improper Check for Unusual or Exceptional Conditions
Low
CVE-2025-22445
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Jan 9, 2025
Mattermost Incorrect Authorization vulnerability
Low
CVE-2025-22449
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Jan 9, 2025
Simulation of Wasmd message can cause crashing
Low
GHSA-vmg2-r3xv-r3xf
was published
for
github.com/CosmWasm/wasmd
(Go)
Dec 10, 2024
lxd CA certificate sign check bypass
Low
CVE-2024-6156
was published
for
github.com/canonical/lxd
(Go)
Dec 9, 2024
lxd has a restricted TLS certificate privilege escalation when in PKI mode
Low
CVE-2024-6219
was published
for
github.com/canonical/lxd
(Go)
Dec 9, 2024
Apache Answer: Predictable Authorization Token Using UUIDv1
Low
CVE-2024-45719
was published
for
github.com/apache/incubator-answer
(Go)
Nov 22, 2024
gitsign may use incorrect Rekor entries during verification
Low
CVE-2024-51746
was published
for
github.com/sigstore/gitsign
(Go)
Nov 5, 2024
LocalAI Cross-site Scripting vulnerability
Low
CVE-2024-48057
was published
for
github.com/mudler/LocalAI
(Go)
Nov 5, 2024
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations
Low
CVE-2024-51744
was published
for
github.com/golang-jwt/jwt/v4
(Go)
Nov 4, 2024
Grafana org admin can delete pending invites in different org
Low
CVE-2024-10452
was published
for
github.com/grafana/grafana
(Go)
Oct 29, 2024
Mattermost incorrectly issues two sessions when using desktop SSO
Low
CVE-2024-10214
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 28, 2024
AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers
Low
GHSA-rjfv-pjvx-mjgv
was published
for
sigs.k8s.io/aws-load-balancer-controller
(Go)
Oct 24, 2024
SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
Low
CVE-2024-48909
was published
for
github.com/authzed/spicedb
(Go)
Oct 14, 2024
ProTip!
Advisories are also available from the
GraphQL API