GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
9 advisories
Juju allows arbitrary executable uploads via authenticated endpoint without authorization
High
CVE-2025-0928
was published
for
github.com/juju/juju
(Go)
Jul 9, 2025
Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization
Moderate
CVE-2025-53512
was published
for
github.com/juju/juju
(Go)
Jul 9, 2025
Juju zip slip vulnerability via authenticated endpoint
High
CVE-2025-53513
was published
for
github.com/juju/juju
(Go)
Jul 9, 2025
juju/utils leaks private key in certs
Moderate
CVE-2025-6224
was published
for
github.com/juju/utils/v4/cert
(Go)
Jul 1, 2025
Vulnerable juju introspection abstract UNIX domain socket
Moderate
CVE-2024-8038
was published
for
github.com/juju/juju
(Go)
Oct 3, 2024
JUJU_CONTEXT_ID is a predictable authentication secret
Moderate
CVE-2024-7558
was published
for
github.com/juju/juju
(Go)
Oct 3, 2024
Vulnerable juju hook tool abstract UNIX domain socket
Moderate
CVE-2024-8037
was published
for
github.com/juju/juju
(Go)
Oct 3, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
Pebble service manager's file pull API allows access by any user
Moderate
CVE-2024-3250
was published
for
github.com/canonical/pebble
(Go)
Apr 5, 2024
ProTip!
Advisories are also available from the
GraphQL API