GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories for the Go ecosystem (2,041 advisories)
Mattermost Server allows user to get private channel names
Moderate. CVE-2024-10241, published for github.com/mattermost/mattermost/server/v8 (Go) on Oct 29, 2024.

Mattermost server allows authenticated user to delete arbitrary post
Moderate. CVE-2024-50052, published for github.com/mattermost/mattermost/server/v8 (Go) on Oct 29, 2024.

Mattermost Server vulnerable to application crash from attacker-generated large response
Moderate. CVE-2024-47401, published for github.com/mattermost/mattermost/server/v8 (Go) on Oct 29, 2024.

Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery
Moderate. CVE-2024-46872, published for github.com/mattermost/mattermost/server/v8 (Go) on Oct 29, 2024.

Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect')
Moderate. GHSA-wcx9-ccpj-hx3c, published for github.com/coder/coder/v2 (Go) on Oct 28, 2024.

Argo Workflows Controller: Denial of Service via malicious daemon Workflows
Moderate. CVE-2024-47827, published for github.com/argoproj/argo-workflows/v3 (Go) on Oct 28, 2024.

Mattermost incorrectly issues two sessions when using desktop SSO
Low. CVE-2024-10214, published for github.com/mattermost/mattermost/server/v8 (Go) on Oct 28, 2024.

Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers
Critical. GHSA-rc7v-65v6-m2v3, published for github.com/go-mysql-org/go-mysql (Go) on Oct 28, 2024. Withdrawn.

github.com/crossplane/crossplane: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
Critical. GHSA-7h65-4p22-39j6, published for github.com/crossplane/crossplane (Go) on Oct 25, 2024.

RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Critical. GHSA-x7xj-jvwp-97rv, published for github.com/rancher/rke2 (Go) on Oct 25, 2024.

Rancher Remote Code Execution via Cluster/Node Drivers
Critical. CVE-2024-22036, published for github.com/rancher/rancher (Go) on Oct 25, 2024.

Exposure of vSphere's CPI and CSI credentials in Rancher
High. CVE-2022-45157, published for github.com/rancher/rancher (Go) on Oct 25, 2024.

Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Critical. CVE-2023-32197, published for github.com/rancher/rancher (Go) on Oct 25, 2024.

User Registration Bypass in Zitadel
High. CVE-2024-49757, published for github.com/zitadel/zitadel (Go) on Oct 25, 2024.

Denied Host Validation Bypass in Zitadel Actions
Moderate. CVE-2024-49753, published for github.com/zitadel/zitadel (Go) on Oct 25, 2024.

Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse
Moderate. CVE-2023-26248, published for github.com/libp2p/go-libp2p-kad-dht (Go) on Oct 25, 2024.

AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers
Low. GHSA-rjfv-pjvx-mjgv, published for sigs.k8s.io/aws-load-balancer-controller (Go) on Oct 24, 2024.

Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present
Moderate. CVE-2024-47825, published for github.com/cilium/cilium (Go) on Oct 21, 2024.

Permissive Regular Expression in tacquito
High. GHSA-p5wf-cmr4-xrwr, published for github.com/facebookincubator/tacquito (Go) on Oct 18, 2024.

Grafana Command Injection And Local File Inclusion Via Sql Expressions
Critical. CVE-2024-9264, published for github.com/grafana/grafana (Go) on Oct 18, 2024.

Duplicate Advisory: Permissive Regular Expression in tacquito
Critical. GHSA-j42f-wc6v-5xpq, published for github.com/tacquito/tacquito (Go) on Oct 17, 2024. Withdrawn.

VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder
Critical. CVE-2024-9486, published for github.com/kubernetes-sigs/image-builder (Go) on Oct 15, 2024.

VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
Moderate. CVE-2024-9594, published for github.com/kubernetes-sigs/image-builder (Go) on Oct 15, 2024.

Infinite loop in github.com/gomarkdown/markdown
Moderate. CVE-2024-44337, published for github.com/gomarkdown/markdown (Go) on Oct 15, 2024.

SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
Low. CVE-2024-48909, published for github.com/authzed/spicedb (Go) on Oct 14, 2024.