GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
137 advisories
Filter by severity
Mattermost Cross-site Scripting vulnerability
Low
CVE-2023-7113
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 29, 2023
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations
Low
GHSA-99jv-8292-2hpm
was published
for
knative.dev/eventing-gitlab
(Go)
Dec 8, 2023
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Low
GHSA-v7hc-87jc-qrrr
was published
for
knative.dev/eventing-github
(Go)
Dec 6, 2023
Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true
Low
GHSA-x9qq-236j-gj97
was published
for
github.com/canonical/lxd
(Go)
Dec 5, 2023
Mattermost Injection vulnerability
Low
CVE-2023-35075
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
gnark's range checker gadget allows wider inputs up to word alignment
Low
GHSA-rjjm-x32p-m3f7
was published
for
github.com/consensys/gnark
(Go)
Nov 12, 2023
slsa-verifier vulnerable to mproper validation of npm's publish attestations
Low
GHSA-r2xv-vpr2-42m9
was published
for
github.com/slsa-framework/slsa-verifier
(Go)
Nov 8, 2023
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Low
CVE-2023-46737
was published
for
github.com/sigstore/cosign
(Go)
Nov 8, 2023
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
Low
CVE-2023-5834
was published
for
github.com/hashicorp/vagrant
(Go)
Oct 28, 2023
Flyte Admin SQL Injection in List Filters
Low
CVE-2023-41891
was published
for
github.com/flyteorg/flyteadmin
(Go)
Oct 27, 2023
Artifact Hub allows unsafe rego built-in
Low
CVE-2023-45822
was published
for
github.com/artifacthub/hub
(Go)
Oct 19, 2023
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results
Low
GHSA-pffg-92cg-xf5c
was published
for
github.com/consensys/gnark-crypto
(Go)
Oct 5, 2023
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation
Low
GHSA-hq58-p9mv-338c
was published
for
github.com/cometbft/cometbft
(Go)
Sep 29, 2023
Mattermost Incorrect Authorization vulnerability
Low
CVE-2023-5159
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Sep 29, 2023
Mattermost Incorrect Authorization vulnerability
Low
CVE-2023-5193
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Sep 29, 2023
Specific Cilium configurations vulnerable to DoS via Kubernetes annotations
Low
CVE-2023-41332
was published
for
github.com/cilium/cilium
(Go)
Sep 27, 2023
Crash when processing crafted TIFF files
Low
CVE-2023-36308
was published
for
github.com/disintegration/imaging
(Go)
Sep 5, 2023
Mattermost fails to correctly delete attachments
Low
CVE-2023-4105
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Denial of service from large image
Low
CVE-2023-37900
was published
for
github.com/crossplane/crossplane
(Go)
Jul 28, 2023
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Low
CVE-2023-3299
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Pipelines do not validate child UIDs
Low
CVE-2023-37264
was published
for
github.com/tektoncd/pipeline
(Go)
Jul 7, 2023
code.gitea.io/gitea Open Redirect vulnerability
Low
CVE-2023-3515
was published
for
code.gitea.io/gitea
(Go)
Jul 5, 2023
github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee
Low
GHSA-w5w5-2882-47pc
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Jun 30, 2023
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Low
CVE-2023-3485
was published
for
go.temporal.io/server
(Go)
Jun 30, 2023
SpiceDB's LookupResources may return partial results
Low
CVE-2023-35930
was published
for
github.com/authzed/spicedb
(Go)
Jun 28, 2023
ProTip!
Advisories are also available from the
GraphQL API