GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
213 advisories
VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM
Low
CVE-2025-65942
was published
for
github.com/VictoriaMetrics/VictoriaMetrics
(Go)
Nov 25, 2025
vet MCP Server SSE Transport DNS Rebinding Vulnerability
Low
CVE-2025-59163
was published
for
github.com/safedep/vet
(Go)
Sep 29, 2025
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace
Low
GHSA-q6hv-wcjr-wp8h
was published
for
github.com/kcp-dev/kcp
(Go)
Sep 26, 2025
Omni Wireguard SideroLink potential escape
Low
CVE-2025-59824
was published
for
github.com/siderolabs/omni
(Go)
Sep 24, 2025
Dragonfly's directories created via os.MkdirAll are not checked for permissions
Low
CVE-2025-59349
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 17, 2025
Atlantis Exposes Service Version Publicly on /status API Endpoint
Low
CVE-2025-58445
was published
for
github.com/runatlantis/atlantis
(Go)
Sep 5, 2025
Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token
Low
GHSA-3rw9-wmc8-8948
was published
for
github.com/coder/coder/v2
(Go)
Aug 28, 2025
ProTip!
Advisories are also available from the
GraphQL API