GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
93 advisories
Filter by severity
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-44312
was published
for
github.com/apache/servicecomb-service-center
(Go)
Jan 31, 2024
CubeFS leaks magic secret key when starting Blobstore access service
Moderate
CVE-2023-46741
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
Mattermost notified all users in the channel when using WebSockets to respond individually
Moderate
CVE-2023-48732
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Jan 2, 2024
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-6459
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Dec 6, 2023
github.com/ecies/go vulnerable to possible private key restoration
High
CVE-2023-49292
was published
for
github.com/ecies/go/v2
(Go)
Dec 5, 2023
github.com/go-resty/resty/v2 HTTP request body disclosure
Moderate
CVE-2023-45286
was published
for
github.com/go-resty/resty/v2
(Go)
Nov 28, 2023
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-45223
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-43754
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Attacker can cause Kyverno user to unintentionally consume insecure image
High
CVE-2023-47630
was published
for
github.com/kyverno/kyverno
(Go)
Nov 14, 2023
capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name
Moderate
CVE-2023-46254
was published
for
github.com/projectcapsule/capsule
(Go)
Nov 7, 2023
Mattermost password hash disclosure vulnerability
Moderate
CVE-2023-5968
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
Argo CD cluster secret might leak in cluster details page
Critical
CVE-2023-40029
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Sep 11, 2023
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Critical
GHSA-h24c-6p6p-m3vx
was published
for
github.com/bnb-chain/tss-lib
(Go)
Sep 1, 2023
Yaklang Plugin's Fuzztag Component Allows Unauthorized Local File Reading
High
CVE-2023-40023
was published
for
github.com/yaklang/yaklang
(Go)
Aug 15, 2023
Mattermost fails to sanitize post metadata
Moderate
CVE-2023-4108
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
KubePi may leak password hash of any user
Moderate
CVE-2023-37916
was published
for
github.com/KubeOperator/kubepi
(Go)
Jul 21, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High
CVE-2023-34236
was published
for
github.com/weaveworks/tf-controller
(Go)
Jul 14, 2023
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Low
CVE-2023-34242
was published
for
github.com/cilium/cilium
(Go)
Jun 16, 2023
Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited
Moderate
CVE-2023-33955
was published
for
github.com/minio/console
(Go)
May 26, 2023
etcd Key name can be accessed via LeaseTimeToLive API
Low
CVE-2023-32082
was published
for
github.com/etcd-io/etcd
(Go)
May 12, 2023
Ironic and ironic-inspector may expose as ConfigMaps
Moderate
CVE-2023-30841
was published
for
github.com/metal3-io/baremetal-operator
(Go)
Apr 26, 2023
Buildkit credentials inlined to Git URLs could end up in provenance attestation
Moderate
CVE-2023-26054
was published
for
github.com/moby/buildkit
(Go)
Mar 7, 2023
User data in TPM attestation vulnerable to MITM
High
GHSA-r2h5-3hgw-8j34
was published
for
github.com/edgelesssys/constellation/v2
(Go)
Feb 17, 2023
Helm vulnerable to information disclosure via getHostByName Function
Moderate
CVE-2023-25165
was published
for
helm.sh/helm/v3
(Go)
Feb 8, 2023
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set
Moderate
CVE-2023-24827
was published
for
github.com/anchore/syft
(Go)
Feb 8, 2023
ProTip!
Advisories are also available from the
GraphQL API