GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
885 advisories
Filter by severity
Authentik vulnerable to PKCE downgrade attack
Moderate
CVE-2024-23647
was published
for
goauthentik.io
(Go)
Jan 29, 2024
Grafana Email addresses and usernames can not be trusted
Moderate
CVE-2022-39306
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Zitadel exposing internal database user name and host information
Moderate
CVE-2024-32967
was published
for
github.com/zitadel/zitadel
(Go)
May 1, 2024
Grafana User enumeration via forget password
Moderate
CVE-2022-39307
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Mattermost leaks details of AD/LDAP groups of a teams
Moderate
CVE-2024-23493
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Rancher's External RoleTemplates can lead to privilege escalation
Moderate
CVE-2023-32196
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
CubeFS timing attack can leak user passwords
Moderate
CVE-2023-46739
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
Authenticated users can crash the CubeFS servers with maliciously crafted requests
Moderate
CVE-2023-46738
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2024-23448
was published
for
github.com/elastic/apm-server
(Go)
Feb 8, 2024
ZITADEL's actions can overload reserved claims
Moderate
CVE-2024-29892
was published
for
github.com/zitadel/zitadel
(Go)
Mar 28, 2024
Grafana's users with permissions to create a data source can CRUD all data sources
Moderate
CVE-2024-1442
was published
for
github.com/grafana/grafana
(Go)
Mar 7, 2024
Mattermost fails to check the "invite_guest" permission
Moderate
CVE-2024-1888
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Insecure random string generator used for sensitive data
Moderate
CVE-2023-46740
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
Mattermost viewing archived public channels permissions vulnerability
Moderate
CVE-2023-47858
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Jan 2, 2024
CubeFS leaks magic secret key when starting Blobstore access service
Moderate
CVE-2023-46741
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
CubeFS leaks users key in logs
Moderate
CVE-2023-46742
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
Mattermost fails to authenticate the source of certain types of post actions
Moderate
CVE-2024-2447
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
Mattermost vulnerable to denial of service via large number of emoji reactions
Moderate
CVE-2024-1402
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 9, 2024
Grafana XSS via a query alias for the ElasticSearch datasource
Moderate
CVE-2020-24303
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-44312
was published
for
github.com/apache/servicecomb-service-center
(Go)
Jan 31, 2024
Mattermost Server doesn't limit the number of user preferences
Moderate
CVE-2024-28949
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
Grafana XSS via a column style
Moderate
CVE-2018-18624
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana stored XSS
Moderate
CVE-2020-11110
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana world readable configuration files
Moderate
CVE-2020-12459
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana XSS via the OpenTSDB datasource
Moderate
CVE-2020-13430
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API