Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,340
Erlang
31
GitHub Actions
22
Go
2,101
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
885
Swift
37
Unreviewed advisories
All unreviewed
5,000+

956 advisories

Loading
kube-audit-rest's example logging configuration could disclose secret values in the audit log Moderate
CVE-2025-24884 was published for github.com/RichardoC/kube-audit-rest (Go) Jan 29, 2025
libheif vulnerable to segmentation fault via floating point exception Moderate
CVE-2023-29659 was published for github.com/strukturag/libheif (Go) May 5, 2023
rathann
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access Moderate
CVE-2024-8676 was published for github.com/cri-o/cri-o (Go) Nov 26, 2024
github.com/hashicorp/yamux's DefaultConfig has dangerous defaults causing hung Read Moderate
GHSA-29qp-crvh-w22m was published for github.com/hashicorp/yamux (Go) Jan 29, 2025
In regclient, pinned manifest digests may be ignored Moderate
CVE-2025-24882 was published for github.com/regclient/regclient (Go) Aug 5, 2024
Improper input validation in github.com/gin-gonic/gin Moderate
CVE-2023-26125 was published for github.com/gin-gonic/gin (Go) May 4, 2023
Insecure Temporary File usage in github.com/golang/glog Moderate
CVE-2024-45339 was published for github.com/golang/glog (Go) Jan 28, 2025
CRI-O Path Traversal vulnerability Moderate
CVE-2025-0750 was published for github.com/cri-o/cri-o (Go) Jan 28, 2025
imgproxy is vulnerable to SSRF against 0.0.0.0 Moderate
CVE-2025-24354 was published for github.com/imgproxy/imgproxy (Go) Jan 27, 2025
phannguyenlong Benasin
benaubin
Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop Moderate
CVE-2024-10846 was published for github.com/compose-spec/compose-go/v2 (Go) Jan 21, 2025
ahollmann idsulik
thaJeztah glours gbrindisi
Cilium has an information leakage via insecure default Hubble UI CORS header Moderate
CVE-2025-23047 was published for github.com/cilium/cilium (Go) Jan 22, 2025
DoS in Cilium agent DNS proxy from crafted DNS responses Moderate
CVE-2025-23028 was published for github.com/cilium/cilium (Go) Jan 22, 2025
bimmlerd kokelley-cisco
Submariner Operator sets unnecessary RBAC permissions Moderate
CVE-2024-5042 was published for github.com/submariner-io/submariner-operator (Go) May 17, 2024
skitt
Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions Moderate
CVE-2022-36109 was published for github.com/docker/docker (Go) Sep 16, 2022
sjmurdoch neersighted
anonymous-nlp-student
Mattermost fails to properly validate post props Moderate
CVE-2025-20088 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 15, 2025
Mattermost Incorrect Type Conversion or Cast Moderate
CVE-2025-21088 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 15, 2025
Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders Moderate
CVE-2024-56515 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
matrix-media-repo (MMR) allows a denial of service through memory exhaustion Moderate
CVE-2024-52791 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
Matrix Media Repo (MMR) allows Server-Side Request Forgery (SSRF) on redirects and federation Moderate
CVE-2024-52602 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
S7evinK
Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation Moderate
CVE-2024-52594 was published for github.com/matrix-org/gomatrixserverlib (Go) Jan 16, 2025
matrix-media-repo (MMR) allows denial of service/high operating costs through unauthenticated downloads Moderate
CVE-2024-36403 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content Moderate
CVE-2024-36402 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
Mattermost fails to properly validate post props Moderate
CVE-2025-20086 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 15, 2025
Mattermost webapp crash via a crafted post Moderate
CVE-2025-20621 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 16, 2025
http-swagger XSS via PUT requests Moderate
CVE-2024-25712 was published for github.com/swaggo/http-swagger (Go) Feb 29, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database