GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,717
Maven: 5,000+
npm: 4,328
NuGet: 761
pip: 4,105
Pub: 12
RubyGems: 958
Rust: 1,065
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
11,068 advisories
ComposioHQ has a directory traversal vulnerability
Moderate | CVE-2025-56427 was published for composio (pip) | Dec 4, 2025

Parcel has an Origin Validation Error vulnerability
Moderate | CVE-2025-56648 was published for @parcel/reporter-dev-server (npm) | Sep 17, 2025

Mattermost Server allows attackers to create buttons that can launch API requests
Moderate | CVE-2017-18890 was published for github.com/mattermost/mattermost-server (Go) | May 24, 2022

Mattermost Server is vulnerable to webhook and slash command manipulation
Moderate | CVE-2017-18889 was published for github.com/mattermost/mattermost-server (Go) | May 24, 2022

Mattermost Server exposes team creator's e-mail address to other members
Moderate | CVE-2017-18887 was published for github.com/mattermost/mattermost-server (Go) | May 24, 2022

Apache SkyWalking has a stored XSS vulnerability
Moderate | CVE-2025-54057 was published for org.apache.skywalking:apm-webapp (Maven) | Nov 27, 2025

Ansible Community General Collection is vulnerable to exposure of sensitive information
Moderate | CVE-2025-14010 was published for ansible (pip) | Dec 4, 2025

LibreNMS Arbitrary File Read
Moderate | CVE-2017-16759 was published for librenms/librenms (Composer) | May 13, 2022

Mattermost Server has low entropy for authorization data as an OAuth 2.0 Service Provider
Moderate | CVE-2017-18883 was published for github.com/mattermost/mattermost-server (Go) | May 24, 2022

nitro-tpm-pcr-compute may allow kernel command line modification by an account operator
Moderate | GHSA-xrv8-2pf5-f3q7 was published for nitro-tpm-pcr-compute (Rust) | Dec 5, 2025

ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Moderate | CVE-2024-28862 was published for rotp (RubyGems) | Mar 18, 2024

LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
Moderate | CVE-2025-65093 was published for librenms/librenms (Composer) | Nov 18, 2025

Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte
Moderate | CVE-2025-66220 was published for github.com/envoyproxy/envoy (Go) | Dec 5, 2025

Envoy crashes when JWT authentication is configured with the remote JWKS fetching
Moderate | CVE-2025-64527 was published for github.com/envoyproxy/envoy (Go) | Dec 5, 2025

Mattermost Server is vulnerable to XSS through author_link field in Slack attachments
Moderate | CVE-2017-18879 was published for github.com/mattermost/mattermost-server (Go) | May 24, 2022

Mattermost Server allows users with a session ID to revoke another users' session
Moderate | CVE-2017-18878 was published for github.com/mattermost/mattermost-server (Go) | May 24, 2022

Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page
Moderate | CVE-2017-18877 was published for github.com/mattermost/mattermost-server (Go) | May 24, 2022

Snipe-IT is vulnerable to stored cross-site scripting
Moderate | CVE-2025-65621 was published for snipe/snipe-it (Composer) | Dec 1, 2025

OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Moderate | CVE-2024-27094 was published for @openzeppelin/contracts (npm) | Feb 29, 2024

Apache Axis2 has Improper Input Validation
Moderate | CVE-2012-5785 was published for org.apache.axis2:axis2 (Maven) | May 17, 2022

Mattermost Server is vulnerable to Path Traversal when files are stored locally
Moderate | CVE-2017-18876 was published for github.com/mattermost/mattermost-server (Go) | May 24, 2022

Mattermost Server does not prevent System Admin from arbitrary file creation
Moderate | CVE-2017-18875 was published for github.com/mattermost/mattermost-server (Go) | May 24, 2022

Central Dogma's Login Function Has an Open Redirect Vulnerability
Moderate | CVE-2025-11222 was published for com.linecorp.centraldogma:centraldogma-server-auth-shiro (Maven) | Dec 4, 2025

mcp-server-kubernetes has potential security issue in exec_in_pod tool
Moderate | CVE-2025-66404 was published for mcp-server-kubernetes (npm) | Dec 3, 2025

step-ca Has Improper Authorization Check for SSH Certificate Revocation
Moderate | CVE-2025-66406 was published for github.com/smallstep/certificates (Go) | Dec 3, 2025
ProTip! Advisories are also available from the GraphQL API.