Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,933
Erlang
39
GitHub Actions
38
Go
2,595
Maven
5,000+
npm
4,247
NuGet
754
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
go-mail has insufficient address encoding when passing mail addresses to the SMTP client High
CVE-2025-59937 was published for github.com/wneessen/go-mail (Go) Sep 29, 2025
xclow3n
Credited to xclow3n
filebrowser Allows Shell Commands to Spawn Other Commands High
CVE-2025-52903 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig hacdias
Credited to mtausig and hacdias
go-git has an Argument Injection via the URL field Critical
CVE-2025-21613 was published for github.com/go-git/go-git/v5 (Go) Jan 6, 2025
vin01
Credited to vin01
Gogs has an argument Injection in the built-in SSH server Critical
CVE-2024-39930 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
Credited to swapgs
Gogs allows argument Injection when tagging new releases High
CVE-2024-39933 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
Credited to swapgs
Duplicate Advisory: Gogs allows argument injection during the tagging of a new release High
GHSA-8mm6-wmpp-mmm3 was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
Duplicate Advisory: github.com/gogs/gogs affected by CVE-2024-39930 Critical
GHSA-p69r-v3h4-rj4f was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches Critical
CVE-2024-3817 was published for github.com/hashicorp/go-getter (Go) Apr 17, 2024
Command injection in Git package in Wrangler High
CVE-2022-31249 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
cokeBeer aruneko
tdunlap607
Credited to cokeBeer, aruneko, and tdunlap607
Command injection in Rancher Git package Moderate
CVE-2022-43758 was published for github.com/rancher/rancher (Go) Jan 25, 2023
cokeBeer snoopysecurity
Credited to cokeBeer and snoopysecurity
Gitea vulnerable to Argument Injection Critical
CVE-2022-42968 was published for github.com/go-gitea/gitea (Go) Oct 16, 2022
Command Injection Vulnerability with Mercurial in VCS Critical
CVE-2022-21235 was published for github.com/Masterminds/vcs (Go) Apr 1, 2022
dellalibera
Credited to dellalibera
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database