Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,651
Erlang
34
GitHub Actions
26
Go
2,253
Maven
5,000+
npm
3,905
NuGet
702
pip
3,676
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

244 advisories

Loading
Dpanel's hard-coded JWT secret leads to remote code execution Critical
CVE-2025-30206 was published for github.com/donknap/dpanel (Go) Apr 15, 2025
NS-Sp4ce
Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR Critical
CVE-2025-32445 was published for github.com/argoproj/argo-events (Go) Apr 14, 2025
thevilledev
Dragonfly2 has hard coded cyptographic key Critical
CVE-2023-27584 was published for d7y.io/dragonfly/v2 (Go) Sep 19, 2024
cokeBeer
Alist vulnerable to Path Traversal Critical
CVE-2022-45969 was published for github.com/alist-org/alist/v3 (Go) Dec 16, 2022
Juju uses a UNIX domain socket without setting appropriate permissions Critical
CVE-2017-9232 was published for github.com/juju/juju (Go) May 13, 2022
Wazuh server vulnerable to remote code execution Critical
CVE-2025-24016 was published for github.com/wazuh/wazuh (Go) Apr 22, 2025
DanielFi GGP1
Traefik affected by Go HTTP Request Smuggling Vulnerability Critical
GHSA-5423-jcjm-2gpv was published for github.com/traefik/traefik/v2 (Go) Apr 18, 2025
varunbondre
Rancher Remote Code Execution via Cluster/Node Drivers Critical
CVE-2024-22036 was published for github.com/rancher/rancher (Go) Oct 25, 2024
Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists Critical
CVE-2023-32197 was published for github.com/rancher/rancher (Go) Oct 25, 2024
NATS Server may fail to authorize certain Jetstream admin APIs Critical
CVE-2025-30215 was published for github.com/nats-io/nats-server/v2 (Go) Apr 15, 2025
zarqman
Rancher: Restricted Administrator can change Administrator's passwords Critical
CVE-2025-23391 was published for github.com/rancher/rancher (Go) Apr 1, 2025
XavierDuthil
Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input Critical
CVE-2025-30223 was published for github.com/beego/beego (Go) Mar 31, 2025
thevilledev
ingress-nginx admission controller RCE escalation Critical
CVE-2025-1974 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
MaysWind ezBookkeeping has Improper Privilege Management Critical
CVE-2024-57604 was published for github.com/mayswind/ezbookkeeping (Go) Feb 13, 2025
kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace Critical
CVE-2025-29922 was published for github.com/kcp-dev/kcp (Go) Mar 20, 2025
xmudrii
Gin mishandles a wildcard at the end of an origin string Critical
CVE-2019-25211 was published for github.com/gin-contrib/cors (Go) Jun 29, 2024
Fleet has SAML authentication vulnerability due to improper SAML response validation Critical
CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) Mar 6, 2025
hakivvi lucasmrod
getvictor rh-colbymorgan jeffssh
Grafana Command Injection And Local File Inclusion Via Sql Expressions Critical
CVE-2024-9264 was published for github.com/grafana/grafana (Go) Oct 18, 2024
Malayke
cheqd-node affected by Non-deterministic JSON Unmarshalling of IBC Acknowledgement Critical
GHSA-33cr-m232-xqch was published for github.com/cheqd/cheqd-node (Go) Mar 11, 2025
swelf19
cheqd-node Security patch for upstream vulnerabilities in IBC-Go (ISA-2025-001) and Cosmos SDK (ISA-2025-002) Critical
GHSA-h2rp-8vpx-q9r4 was published for github.com/cheqd/cheqd-node (Go) Mar 13, 2025
gjermundgaraba
IBC-Go: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Critical
GHSA-4wf3-5qj9-368v was published for github.com/cosmos/ibc-go (Go) Mar 12, 2025
IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations Critical
CVE-2025-27507 was published for github.com/zitadel/zitadel (Go) Mar 4, 2025
amit-laish livio-a
fforootd adlerhurst
IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement Critical
GHSA-jg6f-48ff-5xrw was published for github.com/cosmos/ibc-go (Go) Feb 28, 2025
swelf19
Mattermost allows reading arbitrary files Critical
CVE-2025-20051 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
Mattermost allows reading arbitrary files related to importing boards Critical
CVE-2025-25279 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database