Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,302
NuGet
760
pip
4,080
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,214 advisories

Loading
Babylon's BIP322 signature implementation is not fully compliant to the spec Moderate
GHSA-xq4h-wqm2-668w was published for github.com/babylonlabs-io/babylon/v4 (Go) Nov 24, 2025
Free5GC is vulnerable to DoS through its Npcf_BDTPolicyControl POST API Moderate
CVE-2025-60632 was published for github.com/free5gc/pcf (Go) Nov 24, 2025
Free5GC is vulnerable to DoS via the Nudm_SubscriberDataManagement API Moderate
CVE-2025-60633 was published for github.com/free5gc/openapi (Go) Nov 24, 2025
OpenFGA Improper Policy Enforcement Moderate
CVE-2025-64751 was published for github.com/openfga/openfga (Go) Nov 20, 2025
golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read Moderate
CVE-2025-47914 was published for golang.org/x/crypto (Go) Nov 19, 2025
leonklingele
Credited to leonklingele
golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption Moderate
CVE-2025-58181 was published for golang.org/x/crypto (Go) Nov 19, 2025
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript Moderate
CVE-2025-65026 was published for github.com/esm-dev/esm.sh (Go) Nov 19, 2025
pyozzi-toss
Credited to pyozzi-toss
authentik's invitation expiry is delayed by at least 5 minutes Moderate
CVE-2025-64708 was published for goauthentik.io (Go) Nov 19, 2025
melizeche
Credited to melizeche
authentik allows a deactivated Service account to authenticate to OAuth Moderate
CVE-2025-64521 was published for goauthentik.io (Go) Nov 19, 2025
Mattermost allows system administrators to access password hashes and MFA secrets Moderate
CVE-2025-11794 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
Mattermost fails to properly restrict access to archived channel search API Moderate
CVE-2025-11776 was published for github.com/mattermost/mattermost (Go) Nov 14, 2025
Mattermost does not enforce MFA on WebSocket connections Moderate
CVE-2025-55070 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL Moderate
CVE-2025-55073 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
Soft Serve does not sanitize ANSI escape sequences in user input Moderate
CVE-2025-64494 was published for github.com/charmbracelet/soft-serve (Go) Nov 6, 2025
Tomer-PL caarlos0
Credited to Tomer-PL and caarlos0
KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes Moderate
CVE-2025-64437 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
xpivarc
Credited to mihailkirov, Faeris95, and xpivarc
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes Moderate
CVE-2025-64436 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
xpivarc
Credited to mihailkirov, Faeris95, and xpivarc
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation Moderate
CVE-2025-64435 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing Moderate
CVE-2025-64434 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
KubeVirt Arbitrary Container File Read Moderate
CVE-2025-64433 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
Credited to mihailkirov and Faeris95
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer Moderate
CVE-2025-64432 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
xpivarc
Credited to mihailkirov, Faeris95, and xpivarc
containerd CRI server: Host memory exhaustion through Attach goroutine leak Moderate
CVE-2025-64329 was published for github.com/containerd/containerd (Go) Nov 6, 2025
Wheat2018
Credited to Wheat2018
Kgateway transformation policy template can emit files from the container Moderate
GHSA-5pmx-7r6r-wfqq was published for github.com/kgateway-dev/kgateway/v2 (Go) Nov 4, 2025
rikatz
Credited to rikatz
kgateway is missing xDS authorization Moderate
CVE-2025-64323 was published for github.com/kgateway-dev/kgateway/v2 (Go) Nov 4, 2025
rikatz
Credited to rikatz
lakeFS affected by unauthenticated access to API usage metrics Moderate
CVE-2025-64179 was published for github.com/treeverse/lakefs (Go) Nov 3, 2025
arielshaqed nopcoder
Credited to arielshaqed and nopcoder
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode Moderate
CVE-2025-64716 was published for github.com/TecharoHQ/anubis (Go) Oct 30, 2025
nijel mbiesiad
Credited to nijel and mbiesiad
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database