GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,184 advisories

Mattermost Server's OAuth 2.0 service is vulnerable to attack through Missing Authorization Moderate
CVE-2017-18872 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Rancher exposes sensitive information through audit logs Moderate
CVE-2024-58269 was published for github.com/rancher/rancher (Go) Oct 24, 2025
Rancher user retains access to clusters despite Global Role removal Moderate
CVE-2023-32199 was published for github.com/rancher/rancher (Go) Oct 24, 2025
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret Moderate
CVE-2025-61926 was published for github.com/ossf/allstar (Go) Oct 10, 2025
Credited to AdamKorcz and justaugustus
Coder AgentAPI exposed user chat history via a DNS rebinding attack Moderate
CVE-2025-59956 was published for github.com/coder/agentapi (Go) Sep 29, 2025
Credited to eharris128
go-f3 Vulnerable to Cached Justification Verification Bypass Moderate
CVE-2025-59941 was published for github.com/filecoin-project/go-f3 (Go) Sep 29, 2025
Credited to lgprbs
Repository Credentials Race Condition Crashes Argo CD Server Moderate
CVE-2025-55191 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 30, 2025
Credited to thevilledev
Rancher sends sensitive information to external services through the `/meta/proxy` endpoint Moderate
CVE-2025-54468 was published for github.com/rancher/rancher (Go) Sep 26, 2025
OpenBao and Vault Leak []byte Fields in Audit Logs Moderate
CVE-2025-62705 was published for github.com/openbao/openbao (Go) Oct 22, 2025
Credited to phil9909 and satoqz
OpenBao leaks HTTPRawBody in Audit Logs Moderate
CVE-2025-62513 was published for github.com/openbao/openbao (Go) Oct 22, 2025
Slack Nebula may accept arbitrary source IP addresses Moderate
CVE-2025-62820 was published for github.com/slackhq/nebula (Go) Oct 23, 2025
Mattermost Server allows XSS via CSRF Moderate
CVE-2016-11084 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution Moderate
CVE-2016-11083 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to XSS through crafted links Moderate
CVE-2016-11082 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server exposes information stored by a web browser Moderate
CVE-2016-11081 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server exposes account details to any Team Administrator Moderate
CVE-2016-11080 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server allows XSS via redirect URL Moderate
CVE-2016-11079 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to XSS through lack of link relationship attributes `noreferrer` and `noopener` Moderate
CVE-2016-11071 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server exposes sensitive information via its System Console UI Moderate
CVE-2016-11078 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server exposes sensitive information about team URLs via an API Moderate
CVE-2016-11075 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to XSS via a Legal or Support setting Moderate
CVE-2016-11073 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server's Session ID and Session Token are potentially compromised Moderate
CVE-2016-11072 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to XSS through customizable theme color-code values Moderate
CVE-2016-11070 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
Credited to joakime, faroukfaiz10, DuyTran-TomTom, derekheld, ebickle, and westonsteimel
Mattermost Server is vulnerable to Code Injection through its LDAP fields Moderate
CVE-2016-11068 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022