
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

169 advisories

1Panel set-cookie is missing the Secure keyword Low
CVE-2024-24768 was published for github.com/1Panel-dev/1Panel (Go) Feb 5, 2024
anonymous-nlp-student
Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only Low
GHSA-vjg6-93fv-qv64 was published for go.etcd.io/etcd/v3 (Go) Feb 3, 2024
Etcd embed auto compaction retention negative value causing a compaction loop or a crash Low
GHSA-pm3m-32r3-7mfh was published for go.etcd.io/etcd/v3 (Go) Feb 3, 2024
Etcd pkg Insecure ciphers are allowed by default Low
GHSA-5x4g-q5rc-36jp was published for go.etcd.io/etcd/client/pkg/v3 (Go) Feb 3, 2024
Apache Answer Race Condition vulnerability Low
CVE-2023-49619 was published for github.com/apache/incubator-answer (Go) Jan 10, 2024
The DES/3DES cipher was used as part of the TLS protocol by installation tools Low
GHSA-7xg2-83f8-39mr was published for github.com/karmada-io/karmada (Go) Jan 3, 2024
zhzhuang-zju yanfeng1992
Mattermost allows demoted guests to change group names Low
CVE-2023-50333 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 2, 2024
Mattermost Cross-site Scripting vulnerability Low
CVE-2023-7113 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 29, 2023
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations Low
GHSA-99jv-8292-2hpm was published for knative.dev/eventing-gitlab (Go) Dec 8, 2023
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations Low
GHSA-v7hc-87jc-qrrr was published for knative.dev/eventing-github (Go) Dec 6, 2023
Mattermost Injection vulnerability Low
CVE-2023-35075 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
gnark's range checker gadget allows wider inputs up to word alignment Low
GHSA-rjjm-x32p-m3f7 was published for github.com/consensys/gnark (Go) Nov 12, 2023
ultrainstinct30 ivokub
gbotrel
slsa-verifier vulnerable to improper validation of npm's publish attestations Low
GHSA-r2xv-vpr2-42m9 was published for github.com/slsa-framework/slsa-verifier (Go) Nov 8, 2023
laurentsimon ianlewis
trishankatdatadog
Cosign vulnerable to possible endless data attack from attacker-controlled registry Low
CVE-2023-46737 was published for github.com/sigstore/cosign (Go) Nov 8, 2023
AdamKorcz pdeslaur
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability Low
CVE-2023-5834 was published for github.com/hashicorp/vagrant (Go) Oct 28, 2023
Flyte Admin SQL Injection in List Filters Low
CVE-2023-41891 was published for github.com/flyteorg/flyteadmin (Go) Oct 27, 2023
Sanjana-Sarda
Artifact Hub allows unsafe rego built-in Low
CVE-2023-45822 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results Low
GHSA-pffg-92cg-xf5c was published for github.com/consensys/gnark-crypto (Go) Oct 5, 2023
asanso yelhousni
xblanchot-gg
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation Low
GHSA-hq58-p9mv-338c was published for github.com/cometbft/cometbft (Go) Sep 29, 2023
Mattermost Incorrect Authorization vulnerability Low
CVE-2023-5193 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Mattermost Incorrect Authorization vulnerability Low
CVE-2023-5159 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Specific Cilium configurations vulnerable to DoS via Kubernetes annotations Low
CVE-2023-41332 was published for github.com/cilium/cilium (Go) Sep 27, 2023
g-linville sayboras
Crash when processing crafted TIFF files Low
CVE-2023-36308 was published for github.com/disintegration/imaging (Go) Sep 5, 2023
Mattermost fails to correctly delete attachments Low
CVE-2023-4105 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023