GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
906 advisories
Filter by severity
SFTPGo allows administrators to restrict command execution from the EventManager
Moderate
CVE-2024-52309
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Nov 21, 2024
cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs
Moderate
GHSA-r4pg-vg54-wxx4
was published
for
github.com/cert-manager/cert-manager
(Go)
Nov 20, 2024
Rancher Helm Applications may have sensitive values leaked
Moderate
CVE-2024-52282
was published
for
github.com/rancher/rancher
(Go)
Nov 20, 2024
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
Moderate
CVE-2024-52522
was published
for
github.com/rclone/rclone
(Go)
Nov 19, 2024
Stored XSS using two files in usememos/memos
Moderate
CVE-2023-0109
was published
for
github.com/usememos/memos
(Go)
Nov 15, 2024
Hashicorp Nomad Incorrect Authorization vulnerability
Moderate
CVE-2024-10975
was published
for
github.com/hashicorp/nomad
(Go)
Nov 7, 2024
Safearchive Path Traversal vulnerability
Moderate
CVE-2024-10389
was published
for
github.com/google/safearchive
(Go)
Nov 4, 2024
Gnark out-of-memory during deserialization with crafted inputs
Moderate
CVE-2024-50354
was published
for
github.com/consensys/gnark
(Go)
Oct 31, 2024
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Moderate
CVE-2024-10006
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Hashicorp Consul Cross-site Scripting vulnerability
Moderate
CVE-2024-10086
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
Moderate
CVE-2024-0133
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Oct 29, 2024
Mattermost server allows authenticated user to delete arbitrary post
Moderate
CVE-2024-50052
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery
Moderate
CVE-2024-46872
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Mattermost Server vulnerable to application crash from attacker-generated large response
Moderate
CVE-2024-47401
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Mattermost Server allows user to get private channel names
Moderate
CVE-2024-10241
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect')
Moderate
GHSA-wcx9-ccpj-hx3c
was published
for
github.com/coder/coder/v2
(Go)
Oct 28, 2024
Argo Workflows Controller: Denial of Service via malicious daemon Workflows
Moderate
CVE-2024-47827
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Oct 28, 2024
Denied Host Validation Bypass in Zitadel Actions
Moderate
CVE-2024-49753
was published
for
github.com/zitadel/zitadel
(Go)
Oct 25, 2024
Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse
Moderate
CVE-2023-26248
was published
for
github.com/libp2p/go-libp2p-kad-dht
(Go)
Oct 25, 2024
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present
Moderate
CVE-2024-47825
was published
for
github.com/cilium/cilium
(Go)
Oct 21, 2024
Infinite loop in github.com/gomarkdown/markdown
Moderate
CVE-2024-44337
was published
for
github.com/gomarkdown/markdown
(Go)
Oct 15, 2024
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
Moderate
CVE-2024-9594
was published
for
github.com/kubernetes-sigs/image-builder
(Go)
Oct 15, 2024
KubeSphere IDOR vulnerability
Moderate
CVE-2024-46528
was published
for
github.com/kubesphere/kubesphere
(Go)
Oct 14, 2024
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Moderate
CVE-2024-47877
was published
for
github.com/codeclysm/extract
(Go)
Oct 11, 2024
Alist reflected Cross-Site Scripting vulnerability
Moderate
CVE-2024-47067
was published
for
github.com/alist-org/alist/v3
(Go)
Oct 10, 2024
ProTip!
Advisories are also available from the
GraphQL API