GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,925 advisories
Filter by severity
Vulnerable juju introspection abstract UNIX domain socket
Moderate
CVE-2024-8038
was published
for
github.com/juju/juju
(Go)
Oct 3, 2024
Vulnerable juju hook tool abstract UNIX domain socket
Moderate
CVE-2024-8037
was published
for
github.com/juju/juju
(Go)
Oct 3, 2024
PAM module may allow accessing with the credentials of another user
High
CVE-2024-9313
was published
for
github.com/ubuntu/authd
(Go)
Oct 3, 2024
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
Low
GHSA-wpr2-j6gr-pjw9
was published
for
github.com/opentofu/opentofu
(Go)
Oct 3, 2024
JUJU_CONTEXT_ID is a predictable authentication secret
Moderate
CVE-2024-7558
was published
for
github.com/juju/juju
(Go)
Oct 3, 2024
Pomerium service account access token may grant unintended access to databroker API
High
CVE-2024-47616
was published
for
github.com/pomerium/pomerium
(Go)
Oct 2, 2024
Duplicate Advisory: Juju makes Use of Weak Credentials
High
GHSA-phh4-3hmm-24rx
was published
for
github.com/juju/juju
(Go)
Oct 2, 2024
•
withdrawn
Duplicate Advisory: Vulnerable juju hook tool abstract UNIX domain socket
Moderate
GHSA-fc27-7pf5-96v3
was published
for
github.com/juju/juju
(Go)
Oct 2, 2024
•
withdrawn
Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability
High
GHSA-85qf-6845-m8p2
was published
for
github.com/juju/juju
(Go)
Oct 2, 2024
•
withdrawn
Portainer improperly uses an encryption algorithm in the AesEncrypt function
High
CVE-2024-33662
was published
for
github.com/portainer/portainer
(Go)
Oct 2, 2024
Improper Input Validation in Buildah and Podman
Moderate
CVE-2024-9407
was published
for
github.com/containers/buildah
(Go)
Oct 1, 2024
Link Following in github.com/containers/common
Moderate
CVE-2024-9341
was published
for
github.com/containers/common
(Go)
Oct 1, 2024
Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability
High
CVE-2024-9355
was published
for
github.com/golang-fips/openssl/v2
(Go)
Oct 1, 2024
Incorrect delegation lookups can make go-tuf download the wrong artifact
High
CVE-2024-47534
was published
for
github.com/theupdateframework/go-tuf/v2
(Go)
Oct 1, 2024
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
High
CVE-2024-7594
was published
for
github.com/hashicorp/vault
(Go)
Sep 26, 2024
Rancher agents can be hijacked by taking over the Rancher Server URL
High
CVE-2024-22030
was published
for
github.com/rancher/rancher
(Go)
Sep 26, 2024
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Moderate
CVE-2024-45042
was published
for
github.com/ory/kratos
(Go)
Sep 26, 2024
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
Moderate
CVE-2024-47003
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Sep 26, 2024
Grafana Alloy on Windows has Unquoted Search Path or Element vulnerability
Moderate
CVE-2024-8975
was published
for
github.com/grafana/alloy
(Go)
Sep 25, 2024
Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability
Moderate
CVE-2024-8996
was published
for
github.com/grafana/agent
(Go)
Sep 25, 2024
Apache Answer: Avatar URL leaked user email addresses
Moderate
CVE-2024-40761
was published
for
github.com/apache/incubator-answer
(Go)
Sep 25, 2024
Mellium allows Authentication Bypass by Spoofing
Critical
CVE-2024-46957
was published
for
mellium.im/xmpp
(Go)
Sep 25, 2024
Navidrome has Multiple SQL Injections and ORM Leak
Critical
CVE-2024-47062
was published
for
github.com/navidrome/navidrome
(Go)
Sep 20, 2024
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation
Moderate
CVE-2024-47060
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
ZITADEL's Service Users Deactivation not Working
High
CVE-2024-47000
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
ProTip!
Advisories are also available from the
GraphQL API