Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,884
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,205
NuGet
743
pip
3,978
Pub
12
RubyGems
947
Rust
1,034
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,546 advisories

Loading
Nil dereference in NATS JWT, DoS of nats-server High
CVE-2020-26521 was published for github.com/nats-io/jwt (Go) Feb 11, 2022
Nil dereference in NATS JWT causing DoS of nats-server High
GHSA-hmm9-r2m2-qg9w was published for github.com/nats-io/nats-server/v2 (Go) May 21, 2021
Incorrect handling of credential expiry by /nats-io/nats-server High
GHSA-2c64-vj8g-vwrq was published for github.com/nats-io/nats-server/v2 (Go) May 21, 2021
Incorrect handling of credential expiry by /nats-io/nats-server Critical
CVE-2020-26892 was published for github.com/nats-io/jwt (Go) Feb 11, 2022
github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks High
CVE-2025-61595 was published for github.com/MANTRA-Chain/mantrachain (Go) Sep 30, 2025
Hellobloc
Canonical LXD CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI High
CVE-2025-54286 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns High
CVE-2025-54287 was published for github.com/lxc/lxd (Go) Oct 2, 2025
Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server Moderate
CVE-2025-54288 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API High
CVE-2025-54289 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Canonical LXD Project Existence Determination Through Error Handling in Image Export Function Moderate
CVE-2025-54290 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function High
CVE-2025-54293 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Canonical LXD Project Existence Determination Through Error Handling in Image Get Function Moderate
CVE-2025-54291 was published for github.com/canonical/lxd (Go) Oct 2, 2025
NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook High
CVE-2025-23267 was published for github.com/NVIDIA/gpu-operator (Go) Jul 17, 2025
Buildah allows build breakout using malicious Containerfiles and concurrent builds High
CVE-2024-11218 was published for github.com/containers/buildah (Go) Jan 21, 2025
eriksjolund
Rancher update on users can deny the service to the admin High
CVE-2024-58260 was published for github.com/rancher/rancher (Go) Sep 26, 2025
Rancher CLI SAML authentication is vulnerable to phishing attacks High
CVE-2024-58267 was published for github.com/rancher/rancher (Go) Sep 26, 2025
Rancher sends sensitive information to external services through the `/meta/proxy` endpoint Moderate
CVE-2025-54468 was published for github.com/rancher/rancher (Go) Sep 26, 2025
Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook High
CVE-2025-59538 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 30, 2025
jake-ciolek crenshaw-dev
blakepettersson
argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload High
CVE-2025-59537 was published for github.com/argoproj/argo-cd (Go) Sep 30, 2025
s0ngsari530 jake-ciolek
crenshaw-dev blakepettersson
Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload High
CVE-2025-59531 was published for github.com/argoproj/argo-cd (Go) Sep 30, 2025
jake-ciolek crenshaw-dev
blakepettersson
Podman Creates Temporary File with Insecure Permissions High
CVE-2025-4953 was published for github.com/containers/podman/v5 (Go) Sep 16, 2025
Repository Credentials Race Condition Crashes Argo CD Server Moderate
CVE-2025-55191 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 30, 2025
thevilledev
Calico vulnerable to pod route hijacking Moderate
CVE-2022-28224 was published for github.com/projectcalico/calico (Go) Jun 7, 2022
joshbressers
NVIDIA Container Toolkit for all platforms contains an Untrusted Search Path Critical
CVE-2025-23266 was published for github.com/NVIDIA/gpu-operator (Go) Jul 17, 2025
Coder AgentAPI exposed user chat history via a DNS rebinding attack Moderate
CVE-2025-59956 was published for github.com/coder/agentapi (Go) Sep 29, 2025
eharris128
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database