Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,246
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

134 advisories

Loading
CoreDNS Cache Poisoning via a birthday attack Low
CVE-2023-30464 was published for github.com/coredns/coredns (Go) Sep 18, 2024
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission Low
CVE-2024-46989 was published for github.com/authzed/spicedb (Go) Sep 18, 2024
tim-mod
Mattermost incorrectly allows access individual posts Low
CVE-2024-1952 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
runc can be confused to create empty files/directories on the host Low
CVE-2024-45310 was published for github.com/opencontainers/runc (Go) Sep 3, 2024
rata alban
cyphar sdowell
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack Low
CVE-2024-45395 was published for github.com/sigstore/sigstore-go (Go) Sep 4, 2024
AdamKorcz codysoyland
Mattermost allows remote actor to set arbitrary RemoteId values for synced users Low
CVE-2024-41926 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Hwameistor Potential Permission Leakage of Cluster Level Low
CVE-2024-45054 was published for github.com/hwameistor/hwameistor (Go) Aug 29, 2024
younaman
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL Low
CVE-2024-40884 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Trufflehog vulnerable to Blind SSRF in some Detectors Low
CVE-2024-43379 was published for github.com/trufflesecurity/trufflehog/v3 (Go) Aug 19, 2024
abankalarm
evmos allows transferring unvested tokens after delegations Low
CVE-2024-32873 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
SpiceDB exclusions can result in no permission returned when permission expected Low
CVE-2024-38361 was published for github.com/authzed/spicedb (Go) Jun 20, 2024
CosmWasm wasmd has large address count in ValidateBasic Low
GHSA-m3rh-cvr5-x6q4 was published for github.com/CosmWasm/wasmd (Go) Aug 8, 2024
sushiwushi
Mattermost did not properly restrict channel creation Low
CVE-2024-39837 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost failed to properly validate synced reactions Low
CVE-2024-29977 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost fails to properly restrict the access of files attached to posts Low
CVE-2024-23488 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost Cross-site Scripting vulnerability Low
CVE-2023-7113 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 29, 2023
Mattermost allows demoted guests to change group names Low
CVE-2023-50333 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 2, 2024
Mattermost race condition Low
CVE-2024-1949 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost Server Improper Access Control Low
CVE-2024-21848 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
Mattermost Jira Plugin does not properly check security levels Low
CVE-2024-24774 was published for github.com/mattermost/mattermost-plugin-jira (Go) Feb 9, 2024
Mattermost fails to check the required permissions Low
CVE-2024-24776 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 9, 2024
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims Low
CVE-2024-5798 was published for github.com/hashicorp/vault (Go) Jun 12, 2024
Potential proxy IP restriction bypass in Kubernetes Low
CVE-2020-8562 was published for k8s.io/kubernetes (Go) Feb 2, 2022
enj
Owncast Path Traversal vulnerability Low
CVE-2024-31450 was published for github.com/owncast/owncast (Go) Aug 5, 2024
1Panel's password verification is suspected to have a timing attack vulnerability Low
CVE-2024-30257 was published for github.com/1Panel-dev/1Panel (Go) Apr 18, 2024
ProTip! Advisories are also available from the GraphQL API