Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,815
Erlang
36
GitHub Actions
32
Go
2,401
Maven
5,000+
npm
4,045
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,401 advisories

Loading
Grafana's insecure DingDing Alert integration exposes sensitive information Moderate
CVE-2025-3415 was published for github.com/grafana/grafana (Go) Jul 17, 2025
Mattermost password hash disclosure vulnerability Moderate
CVE-2023-5968 was published for github.com/mattermost/mattermost-server (Go) Nov 6, 2023
MarkLee131
GitLab auth uses full name instead of username as user ID, allowing impersonation High
CVE-2020-5415 was published for github.com/concourse/concourse (Go) Dec 20, 2021
gdetrez
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true Low
GHSA-x9qq-236j-gj97 was published for github.com/canonical/lxd (Go) Dec 5, 2023
p-ouellette gshanbhag525
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie localden
Mattermost has Insufficiently Protected Credentials Low
CVE-2025-6227 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Mattermost Path Traversal vulnerability Moderate
CVE-2025-6233 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Mattermost Missing Authentication for Critical Function Moderate
CVE-2025-6226 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin High
CVE-2025-4123 was published for github.com/grafana/grafana (Go) May 22, 2025
Grafana is vulnerable to XSS attacks through open redirects and path traversal High
CVE-2025-6023 was published for github.com/grafana/grafana (Go) Jul 18, 2025
melange's world-writable permissions expose SBOM files to potential image tampering Moderate
CVE-2025-54059 was published for chainguard.dev/melange (Go) Jul 18, 2025
markusboehme egibs
codyharris-h2o-ai stevebeattie eslerm
apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files High
CVE-2025-53945 was published for chainguard.dev/apko (Go) Jul 18, 2025
vishal-chdhry codyharris-h2o-ai
eslerm
golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability High
CVE-2025-22868 was published for golang.org/x/oauth2 (Go) Jul 18, 2025
Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability High
GHSA-3wqc-mwfx-672p was published for github.com/traefik/traefik/v2 (Go) Apr 18, 2025
adregbr
Helm vulnerable to Code Injection through malicious chart.yaml content High
CVE-2025-53547 was published for helm.sh/helm/v3 (Go) Jul 8, 2025
jake-ciolek
Apache Answer: Avatar URL leaked user email addresses Moderate
CVE-2024-40761 was published for github.com/apache/incubator-answer (Go) Sep 25, 2024
oscerd
Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive High
CVE-2025-53632 was published for github.com/ctfer-io/chall-manager (Go) Jul 10, 2025
Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout High
CVE-2025-53634 was published for github.com/ctfer-io/chall-manager (Go) Jul 10, 2025
Chall-Manager's scenario decoding process does not check for zip bombs High
CVE-2025-53633 was published for github.com/ctfer-io/chall-manager (Go) Jul 10, 2025
protobuf susceptible to buffer overflow High
CVE-2015-5237 was published for Google.Protobuf (Composer) May 13, 2022
Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points Low
GHSA-phhq-63jg-fp7r was published for github.com/edgelesssys/contrast (Go) Jul 9, 2025
burgerdev katexochen
thomasten
Mattermost allows remote actor to create/update/delete posts in arbitrary channels High
CVE-2024-41144 was published for github.com/mattermost/mattermost (Go) Aug 1, 2024
Mattermost allows remote actor to set arbitrary RemoteId values for synced users Moderate
CVE-2024-41926 was published for github.com/mattermost/mattermost (Go) Aug 1, 2024
Mattermost allows a remote actor to make an arbitrary local channel read-only Moderate
CVE-2024-41162 was published for github.com/mattermost/mattermost (Go) Aug 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database