GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
                  
                    
                      
                      All reviewed
                    
                    
                      5,000+
                    
                  
                  
                    
                      
                      Composer
                    
                    
                      4,950
                    
                  
                  
                    
                      
                      Erlang
                    
                    
                      39
                    
                  
                  
                    
                      
                      GitHub Actions
                    
                    
                      38
                    
                  
                  
                    
                      
                      Go
                    
                    
                      2,603
                    
                  
                  
                    
                      
                      Maven
                    
                    
                      5,000+
                    
                  
                  
                    
                      
                      npm
                    
                    
                      4,250
                    
                  
                  
                    
                      
                      NuGet
                    
                    
                      755
                    
                  
                  
                    
                      
                      pip
                    
                    
                      4,013
                    
                  
                  
                    
                      
                      Pub
                    
                    
                      12
                    
                  
                  
                    
                      
                      RubyGems
                    
                    
                      953
                    
                  
                  
                    
                      
                      Rust
                    
                    
                      1,048
                    
                  
                  
                    
                      
                      Swift
                    
                    
                      45
                    
                  
                  Unreviewed advisories
                  
                    
                      
                      All unreviewed
                    
                    
                      5,000+
                    
                  
            2,603 advisories
        Filter by severity
        
      
      
    
                    
                      Rancher Fleet Helm Values are stored inside BundleDeployment in plain text
                    
                      
  High
                    
                
                      
                        CVE-2024-52284
                      
                      was published
                        for
                        
                          github.com/rancher/fleet
                        
                        (Go)
                      Aug 29, 2025 
                    
                  
                    
                      github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-47909
                      
                      was published
                        for
                        
                          github.com/gorilla/csrf
                        
                        (Go)
                      Aug 29, 2025 
                    
                  
                    
                      gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm
                    
                      
  High
                    
                
                      
                        CVE-2025-58157
                      
                      was published
                        for
                        
                          github.com/consensys/gnark
                        
                        (Go)
                      Aug 29, 2025 
                    
                  
                    
                      Harness Allows Arbitrary File Write in Gitness LFS server
                    
                      
  High
                    
                
                      
                        CVE-2025-58158
                      
                      was published
                        for
                        
                          github.com/harness/gitness
                        
                        (Go)
                      Aug 29, 2025 
                    
                  
                    
                      Versity panic induced by AWS chunked data sent to port
                    
                      
  High
                    
                
                      
                        GHSA-v2ch-c8v8-fgr7
                      
                      was published
                        for
                        
                          github.com/versity/versitygw
                        
                        (Go)
                      Aug 29, 2025 
                    
                  
                    
                      Rancher affected by unauthenticated Denial of Service
                    
                      
  High
                    
                
                      
                        CVE-2024-58259
                      
                      was published
                        for
                        
                          github.com/rancher/rancher
                        
                        (Go)
                      Aug 29, 2025 
                    
                  
                    
                      HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads
                    
                      
  High
                    
                
                      
                        CVE-2025-6203
                      
                      was published
                        for
                        
                          github.com/hashicorp/vault
                        
                        (Go)
                      Aug 28, 2025 
                    
                  
                    
                      github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-58058
                      
                      was published
                        for
                        
                          github.com/ulikunitz/xz
                        
                        (Go)
                      Aug 28, 2025 
                    
                  
                    
                      Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token
                    
                      
  Low
                    
                
                      
                        GHSA-3rw9-wmc8-8948
                      
                      was published
                        for
                        
                          github.com/coder/coder/v2
                        
                        (Go)
                      Aug 28, 2025 
                    
                  
                    
                      Contrast leaks workload secrets to logs on INFO level
                    
                      
  High
                    
                
                      
                        GHSA-vxg3-w9rv-rhr2
                      
                      was published
                        for
                        
                          github.com/edgelesssys/contrast
                        
                        (Go)
                      Aug 28, 2025 
                    
                  
                    
                      NeuVector admin account has insecure default password
                    
                      
  Critical
                    
                
                      
                        CVE-2025-8077
                      
                      was published
                        for
                        
                          github.com/neuvector/neuvector
                        
                        (Go)
                      Aug 28, 2025 
                    
                  
                    
                      NeuVector process with sensitive arguments lead to leakage
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-54467
                      
                      was published
                        for
                        
                          github.com/neuvector/neuvector
                        
                        (Go)
                      Aug 28, 2025 
                    
                  
                    
                      NeuVector has an  insecure password storage vulnerable to rainbow attack
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-53884
                      
                      was published
                        for
                        
                          github.com/neuvector/neuvector
                        
                        (Go)
                      Aug 28, 2025 
                    
                  
                    
                      Kubernetes Nodes can delete themselves by adding an OwnerReference
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-5187
                      
                      was published
                        for
                        
                          k8s.io/kubernetes
                        
                        (Go)
                      Aug 27, 2025 
                    
                  
                    
                      simple-admin-core SQL Injection vulnerability
                    
                      
  High
                    
                
                      
                        CVE-2025-51667
                      
                      was published
                        for
                        
                          github.com/suyuan32/simple-admin-core
                        
                        (Go)
                      Aug 27, 2025 
                    
                  
                    
                      traQ Allows Insertion of Sensitive Information into Log File
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-57813
                      
                      was published
                        for
                        
                          github.com/traPtitech/traQ
                        
                        (Go)
                      Aug 26, 2025 
                    
                  
                    
                      gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks
                    
                      
  High
                    
                
                      
                        CVE-2025-57801
                      
                      was published
                        for
                        
                          github.com/consensys/gnark
                        
                        (Go)
                      Aug 22, 2025 
                    
                  
                    
                      Dpanel has an arbitrary file read vulnerability
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-53363
                      
                      was published
                        for
                        
                          github.com/donknap/dpanel
                        
                        (Go)
                      Aug 22, 2025 
                    
                  
                    
                      Mattermost has Potential Server Crash due to Unvalidated Import Data
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-8402
                      
                      was published
                        for
                        
                          github.com/mattermost/mattermost-server
                        
                        (Go)
                      Aug 21, 2025 
                    
                  
                    
                      Mattermost Fails to Sanitize File Names
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-6465
                      
                      was published
                        for
                        
                          github.com/mattermost/mattermost-server
                        
                        (Go)
                      Aug 21, 2025 
                    
                  
                    
                      go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
                    
                      
  Moderate
                    
                
                      
                        GHSA-2464-8j7c-4cjm
                      
                      was published
                        for
                        
                          github.com/go-viper/mapstructure/v2
                        
                        (Go)
                      Aug 21, 2025 
                    
                  
                    
                      Mattermost Fails to Sanitize Path Traversal Sequences
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-8023
                      
                      was published
                        for
                        
                          github.com/mattermost/mattermost-server
                        
                        (Go)
                      Aug 21, 2025 
                    
                  
                    
                      Mattermost Does Not Sanitize the Team Invite ID
                    
                      
  Moderate
                    
                
                      
                        CVE-2025-47870
                      
                      was published
                        for
                        
                          github.com/mattermost/mattermost-server
                        
                        (Go)
                      Aug 21, 2025 
                    
                  
                    
                      Mattermost Server SSRF Vulnerability via the Agents Plugin
                    
                      
  Low
                    
                
                      
                        CVE-2025-47700
                      
                      was published
                        for
                        
                          github.com/mattermost/mattermost-server
                        
                        (Go)
                      Aug 21, 2025 
                    
                  
                    
                      Mattermost Lack of Access Control Validation
                    
                      
  Low
                    
                
                      
                        CVE-2025-49810
                      
                      was published
                        for
                        
                          github.com/mattermost/mattermost-server
                        
                        (Go)
                      Aug 21, 2025 
                    
                  
        
        ProTip!
        Advisories are also available from the 
        GraphQL API