GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
948 advisories
sqls-server/sqls is vulnerable to command injection in the config command
High | CVE-2025-61141 was published for github.com/sqls-server/sqls (Go) | Oct 30, 2025
NeuVector telemetry sender is vulnerable to MITM and DoS
High | CVE-2025-54470 was published for github.com/neuvector/neuvector (Go) | Oct 21, 2025
gnark-crypto allows unchecked memory allocation during vector deserialization
High | GHSA-fj2x-735w-74vq was published for github.com/consensys/gnark-crypto (Go) | Oct 30, 2025
podman kube play symlink traversal vulnerability
High | CVE-2025-9566 was published for github.com/containers/podman/v4 (Go) | Sep 4, 2025
Zitadel May Bypass Second Authentication Factor
High | CVE-2025-64103 was published for github.com/zitadel/zitadel/v2 (Go) | Oct 29, 2025
Zitadel allows brute-forcing authentication factors
High | CVE-2025-64102 was published for github.com/zitadel/zitadel/v2 (Go) | Oct 29, 2025
ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection
High | CVE-2025-64101 was published for github.com/zitadel/zitadel/v2 (Go) | Oct 29, 2025
otelgrpc DoS vulnerability due to unbound cardinality metrics
High | CVE-2023-47108 was published for go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (Go) | Nov 12, 2023
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
High | CVE-2025-62725 was published for github.com/docker/compose/v2 (Go) | Oct 27, 2025
Constellation has insecure LUKS2 persistent storage partitions which may be opened and used
High | CVE-2025-58356 was published for github.com/edgelesssys/constellation/v2 (Go) | Oct 27, 2025
MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS
High | CVE-2025-62506 was published for github.com/minio/minio (Go) | Oct 16, 2025
HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass
High | CVE-2025-11621 was published for github.com/hashicorp/vault (Go) | Oct 23, 2025
Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON
High | CVE-2025-12044 was published for github.com/hashicorp/vault (Go) | Oct 23, 2025
Parallax is vulnerable to DoS via malicious p2p message
High | GHSA-xc79-566c-j4qx was published for github.com/microstack-tech/parallax (Go) | Oct 10, 2025
github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks
High | CVE-2025-61595 was published for github.com/MANTRA-Chain/mantrachain (Go) | Sep 30, 2025
go-f3 module vulnerable to integer overflow leading to panic
High | CVE-2025-59942 was published for github.com/filecoin-project/go-f3 (Go) | Sep 29, 2025
Rancher CLI SAML authentication is vulnerable to phishing attacks
High | CVE-2024-58267 was published for github.com/rancher/rancher (Go) | Sep 26, 2025
Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook
High | CVE-2025-59538 was published for github.com/argoproj/argo-cd/v2 (Go) | Sep 30, 2025
argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload
High | CVE-2025-59537 was published for github.com/argoproj/argo-cd (Go) | Sep 30, 2025
Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload
High | CVE-2025-59531 was published for github.com/argoproj/argo-cd (Go) | Sep 30, 2025
NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook
High | CVE-2025-23267 was published for github.com/NVIDIA/gpu-operator (Go) | Jul 17, 2025
Rancher update on users can deny the service to the admin
High | CVE-2024-58260 was published for github.com/rancher/rancher (Go) | Sep 26, 2025
OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method
High | CVE-2025-59048 was published for github.com/openbao/openbao-plugins (Go) | Oct 23, 2025
Mattermost Server does not check if cookies are used over SSL
High | CVE-2016-11076 was published for github.com/mattermost/mattermost-server (Go) | May 24, 2022
Mattermost Server: Insufficient Password-Reset Link Invalidation
High | CVE-2016-11074 was published for github.com/mattermost/mattermost-server (Go) | May 24, 2022
ProTip! Advisories are also available from the GraphQL API.