Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

948 advisories

Loading
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text High
CVE-2024-52284 was published for github.com/rancher/fleet (Go) Aug 29, 2025
gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm High
CVE-2025-58157 was published for github.com/consensys/gnark (Go) Aug 29, 2025
feltroidprime
Credited to feltroidprime
Harness Allows Arbitrary File Write in Gitness LFS server High
CVE-2025-58158 was published for github.com/harness/gitness (Go) Aug 29, 2025
TheKavorka
Credited to TheKavorka
Versity panic induced by AWS chunked data sent to port High
GHSA-v2ch-c8v8-fgr7 was published for github.com/versity/versitygw (Go) Aug 29, 2025
tonyipm
Credited to tonyipm
Rancher affected by unauthenticated Denial of Service High
CVE-2024-58259 was published for github.com/rancher/rancher (Go) Aug 29, 2025
HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads High
CVE-2025-6203 was published for github.com/hashicorp/vault (Go) Aug 28, 2025
Contrast leaks workload secrets to logs on INFO level High
GHSA-vxg3-w9rv-rhr2 was published for github.com/edgelesssys/contrast (Go) Aug 28, 2025
katexochen
Credited to katexochen
simple-admin-core SQL Injection vulnerability High
CVE-2025-51667 was published for github.com/suyuan32/simple-admin-core (Go) Aug 27, 2025
gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks High
CVE-2025-57801 was published for github.com/consensys/gnark (Go) Aug 22, 2025
sunyxedu A7um
XlabAITeam zL1nX
Credited to sunyxedu, A7um, XlabAITeam, and zL1nX
HashiCorp go-getter Vulnerable to Symlink Attacks High
CVE-2025-8959 was published for github.com/hashicorp/go-getter (Go) Aug 15, 2025
External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access High
CVE-2025-55196 was published for github.com/external-secrets/external-secrets (Go) Aug 13, 2025
gracedo moolen
Credited to gracedo and moolen
OliveTin OS Command Injection vulnerability High
CVE-2025-50946 was published for github.com/OliveTin/OliveTin (Go) Aug 13, 2025
Komari vulnerable to 2FA Authentication Bypass High
GHSA-jhmr-57cj-q6g9 was published for github.com/komari-monitor/komari (Go) Aug 12, 2025
imlonghao
Credited to imlonghao
Komari vulnerable to Cross-site WebSocket Hijacking High
GHSA-q355-h244-969h was published for github.com/komari-monitor/komari (Go) Aug 12, 2025
imlonghao
Credited to imlonghao
Mattermost Confluence Plugin has Improper Check for Unusual or Exceptional Conditions High
CVE-2025-52931 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Mattermost Confluence Plugin has Improper Validation of Specified Type of Input High
CVE-2025-54525 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Mattermost Confluence Plugin is Missing Authentication for Critical Function High
CVE-2025-44004 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
OpenBao Root Namespace Operator May Elevate Token Privileges High
CVE-2025-54996 was published for github.com/openbao/openbao (Go) Aug 8, 2025
Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder High
CVE-2025-54801 was published for github.com/gofiber/fiber/v2 (Go) Aug 5, 2025
anuraagbaishya
Credited to anuraagbaishya
RatPanel can perform remote command execution without authorization High
CVE-2025-53534 was published for github.com/tnborg/panel (Go) Aug 4, 2025
LTLTLXEY devhaozi
Credited to LTLTLXEY and devhaozi
Hashicorp Vault has Privilege Escalation Vulnerability High
CVE-2025-5999 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
1Panel agent certificate verification bypass leading to arbitrary command execution High
CVE-2025-54424 was published for github.com/1Panel-dev/1Panel/core (Go) Aug 1, 2025
lizicoco
Credited to lizicoco
Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution High
CVE-2025-54386 was published for github.com/traefik/traefik/v2 (Go) Aug 1, 2025
odaysec
Credited to odaysec
eKuiper API endpoints handling SQL queries with user-controlled table names. High
CVE-2025-54379 was published for github.com/lf-edge/ekuiper (Go) Jul 24, 2025
odaysec
Credited to odaysec
Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources High
CVE-2025-53942 was published for goauthentik.io (Go) Jul 22, 2025
pascalwei
Credited to pascalwei
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database