Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
User with permission to write actions can impersonate another user when auth token is configured in environment variable Moderate
GHSA-26hr-q2wp-rvc5 was published for github.com/treeverse/lakefs (Go) Dec 12, 2023
nopcoder arielshaqed
Credited to nopcoder and arielshaqed
lakeFS affected by unauthenticated access to API usage metrics Moderate
CVE-2025-64179 was published for github.com/treeverse/lakefs (Go) Nov 3, 2025
arielshaqed nopcoder
Credited to arielshaqed and nopcoder
lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access High
CVE-2026-26187 was published for github.com/treeverse/lakefs (Go) Feb 13, 2026
nopcoder
Credited to nopcoder
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database