GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
757 advisories
Filter by severity
Mattermost fails to authenticate the source of certain types of post actions
High
CVE-2024-2447
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
High
CVE-2024-22189
was published
for
github.com/quic-go/quic-go
(Go)
Apr 2, 2024
Cilium has insecure IPsec transport encryption
High
CVE-2024-28860
was published
for
github.com/cilium/cilium
(Go)
Mar 28, 2024
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
High
CVE-2024-29891
was published
for
github.com/zitadel/zitadel
(Go)
Mar 28, 2024
ZITADEL's actions can overload reserved claims
High
CVE-2024-29892
was published
for
github.com/zitadel/zitadel
(Go)
Mar 28, 2024
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394
was published
for
github.com/golang-fips/go
(Go)
Mar 20, 2024
Container escape at build time
High
GHSA-pmf3-c36m-g5cf
was published
for
github.com/containers/buildah
(Go)
Mar 19, 2024
Improper HTML sanitization in ZITADEL
High
CVE-2024-28855
was published
for
github.com/zitadel/zitadel
(Go)
Mar 18, 2024
Intermittent HTTP policy bypass
High
CVE-2024-28248
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment
High
CVE-2024-21661
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 18, 2024
CLI for Vela Insecure Variable Substitution
High
GHSA-4jhj-3gv3-c3gr
was published
for
github.com/go-vela/cli
(Go)
Mar 15, 2024
Golang SDK for Vela Insecure Variable Substitution
High
GHSA-v8mx-hp2q-gw85
was published
for
github.com/go-vela/sdk-go
(Go)
Mar 15, 2024
Server/API for Vela Insecure Variable Substitution
High
GHSA-69p4-j5v5-x234
was published
for
github.com/go-vela/server
(Go)
Mar 15, 2024
Types for Vela Insecure Variable Substitution
High
GHSA-7v38-w32m-wx4m
was published
for
github.com/go-vela/types
(Go)
Mar 15, 2024
Nuclei allows unsigned code template execution through workflows
High
CVE-2024-27920
was published
for
github.com/projectdiscovery/nuclei/v3
(Go)
Mar 15, 2024
Insecure Variable Substitution in Vela
High
CVE-2024-28236
was published
for
github.com/go-vela/worker
(Go)
Mar 14, 2024
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions
High
GHSA-95rx-m9m5-m94v
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Mar 12, 2024
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
High
CVE-2024-28197
was published
for
github.com/zitadel/zitadel
(Go)
Mar 11, 2024
Grafana's users with permissions to create a data source can CRUD all data sources
High
CVE-2024-1442
was published
for
github.com/grafana/grafana
(Go)
Mar 7, 2024
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
High
CVE-2024-24767
was published
for
github.com/IceWhaleTech/CasaOS-UserService
(Go)
Mar 6, 2024
CasaOS-UserService allows unauthorized access to any file
High
CVE-2024-24765
was published
for
github.com/IceWhaleTech/CasaOS-UserService
(Go)
Mar 6, 2024
`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user
High
CVE-2024-27916
was published
for
github.com/stacklok/minder
(Go)
Mar 5, 2024
Incorrect TLS certificate auth method in Vault
High
CVE-2024-2048
was published
for
github.com/hashicorp/vault
(Go)
Mar 4, 2024
Coder's OIDC authentication allows email with partially matching domain to register
High
CVE-2024-27918
was published
for
github.com/coder/coder
(Go)
Mar 4, 2024
pgproto3 SQL Injection via Protocol Message Size Overflow
High
GHSA-7jwh-3vrq-q3m8
was published
for
github.com/jackc/pgproto3
(Go)
Mar 4, 2024
ProTip!
Advisories are also available from the
GraphQL API