GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+
2,135 advisories
Filter by severity
Go Ethereum vulnerable to DoS via malicious p2p message
Moderate
CVE-2025-24883
was published
for
github.com/ethereum/go-ethereum
(Go)
Jan 30, 2025
lakeFS allows an authenticated user to cause a crash by exhausting server memory
Moderate
CVE-2025-27100
was published
for
github.com/treeverse/lakefs
(Go)
Feb 21, 2025
runc can be confused to create empty files/directories on the host
Moderate
CVE-2024-45310
was published
for
github.com/opencontainers/runc
(Go)
Sep 3, 2024
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Moderate
CVE-2024-34068
was published
for
github.com/pterodactyl/wings
(Go)
May 3, 2024
S3-Proxy allows Reflected Cross-site Scripting (XSS) in template implementation
High
CVE-2025-27088
was published
for
github.com/oxyno-zeta/s3-proxy/cmd/s3-proxy
(Go)
Feb 20, 2025
Buildah allows build breakout using malicious Containerfiles and concurrent builds
High
CVE-2024-11218
was published
for
github.com/containers/buildah
(Go)
Jan 21, 2025
SSRF in sliver teamserver
Moderate
CVE-2025-27090
was published
for
github.com/bishopfox/sliver
(Go)
Feb 19, 2025
Hermes improperly validates a JWT
High
CVE-2025-1293
was published
for
github.com/hashicorp-forge/hermes
(Go)
Feb 20, 2025
Cosmos SDK: Groups module can halt chain when handling a malicious proposal
High
GHSA-x5vx-95h7-rv4p
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Feb 20, 2025
MaysWind ezBookkeeping has Improper Privilege Management
Critical
CVE-2024-57604
was published
for
github.com/mayswind/ezbookkeeping
(Go)
Feb 13, 2025
OpenFGA Authorization Bypass
Moderate
CVE-2025-25196
was published
for
github.com/openfga/openfga
(Go)
Feb 19, 2025
Authelia applies regulation separately to Username-based logins to Email-based logins
Low
CVE-2025-24806
was published
for
github.com/authelia/authelia/v4
(Go)
Feb 19, 2025
Mattermost vulnerable to denial of service via large number of emoji reactions
Moderate
CVE-2024-1402
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 9, 2024
Authentication bypass for viewing and deletions of snapshots
High
CVE-2021-39226
was published
for
github.com/grafana/grafana
(Go)
Oct 5, 2021
Insecure Temporary File usage in github.com/golang/glog
Moderate
CVE-2024-45339
was published
for
github.com/golang/glog
(Go)
Jan 28, 2025
Email Validation Bypass And Preventing Sign Up From Email's Owner
Moderate
CVE-2023-6152
was published
for
github.com/grafana/grafana
(Go)
Feb 13, 2024
`gh attestation verify` returns incorrect exit code during verification if no attestations are present
Moderate
CVE-2025-25204
was published
for
github.com/cli/cli/v2
(Go)
Feb 14, 2025
Missing rate limit in MaysWind ezBookkeeping
Moderate
CVE-2024-57603
was published
for
github.com/mayswind/ezbookkeeping
(Go)
Feb 13, 2025
Node Denial of Service via kubelet Checkpoint API
Moderate
CVE-2025-0426
was published
for
k8s.io/kubernetes
(Go)
Feb 13, 2025
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability
High
CVE-2023-44313
was published
for
github.com/apache/servicecomb-service-center
(Go)
Jan 31, 2024
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-44312
was published
for
github.com/apache/servicecomb-service-center
(Go)
Jan 31, 2024
Memory exhaustion in HashiCorp Vault
High
CVE-2023-6337
was published
for
github.com/hashicorp/vault
(Go)
Dec 9, 2023
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation
High
CVE-2023-3893
was published
for
github.com/kubernetes-csi/csi-proxy
(Go)
Nov 3, 2023
Kubernetes privilege escalation vulnerability
High
CVE-2023-3955
was published
for
k8s.io/kubernetes
(Go)
Oct 31, 2023
Kubernetes privilege escalation vulnerability
High
CVE-2023-3676
was published
for
k8s.io/kubernetes
(Go)
Oct 31, 2023
ProTip!
Advisories are also available from the
GraphQL API