Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,981 advisories

Loading
Nuclei Template Signature Verification Bypass Moderate
CVE-2024-43405 was published for github.com/projectdiscovery/nuclei/v3 (Go) Sep 4, 2024
GuyGoldenberg
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) High
CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) Sep 3, 2024
pwntester
The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD Moderate
CVE-2024-43803 was published for github.com/metal3-io/baremetal-operator (Go) Sep 3, 2024
CometBFT's state syncing validator from malicious node may lead to a chain split Moderate
GHSA-g5xx-c4hv-9ccc was published for github.com/cometbft/cometbft (Go) Sep 3, 2024
runc can be confused to create empty files/directories on the host Low
CVE-2024-45310 was published for github.com/opencontainers/runc (Go) Sep 3, 2024
rata alban
cyphar sdowell
Vault Leaks Client Token and Token Accessor in Audit Devices Moderate
CVE-2024-8365 was published for github.com/hashicorp/vault (Go) Sep 2, 2024
OPA for Windows has an SMB force-authentication vulnerability Moderate
CVE-2024-8260 was published for github.com/open-policy-agent/opa (Go) Aug 30, 2024
Hwameistor Potential Permission Leakage of Cluster Level Low
CVE-2024-45054 was published for github.com/hwameistor/hwameistor (Go) Aug 29, 2024
younaman
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability Moderate
CVE-2024-45043 was published for github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver (Go) Aug 29, 2024
DouglasHeriot Aneurysm9
arminru
Ollama can extract members of a ZIP archive outside of the parent directory High
CVE-2024-45436 was published for github.com/ollama/ollama (Go) Aug 29, 2024
CWA-2023-004: Excessive number of function parameters in compiled Wasm Moderate
GHSA-75qh-gg76-p2w4 was published for cosmwasm-vm (Go) Aug 27, 2024
Chisel's AUTH environment variable not respected in server entrypoint High
CVE-2024-43798 was published for github.com/jpillora/chisel (Go) Aug 27, 2024
lleyton korewaChino
jpillora
req may send an unintended request when a malformed URL is provided High
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window Moderate
CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024
Mattermost Plugin Channel Export excessive resource consumption Moderate
CVE-2024-43105 was published for github.com/mattermost/mattermost-plugin-channel-export (Go) Aug 23, 2024
c0rydoras
Mattermost allows guest user with read access to upload files to a channel Moderate
CVE-2024-43780 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams Moderate
CVE-2024-42497 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL Low
CVE-2024-40884 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
memos CORS Misconfiguration in server.go (GHSL-2024-034) High
CVE-2024-41659 was published for github.com/usememos/memos (Go) Aug 22, 2024
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) Moderate
CVE-2024-41658 was published for github.com/casdoor/casdoor (Go) Aug 22, 2024
Casdoor CORS misconfiguration (GHSL-2024-035) High
CVE-2024-41657 was published for github.com/casdoor/casdoor (Go) Aug 22, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints High
CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
m2a2
Mattermost doesn't restrict which roles can promote a user as system admin Moderate
CVE-2024-8071 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost Cross-Site Request Forgery vulnerability Moderate
CVE-2024-40886 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost allows remote/synthetic users to create sessions, reset passwords Moderate
CVE-2024-39836 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database