GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
818 advisories
Filter by severity
Unencrypted traffic between nodes when using IPsec and L7 policies
Moderate
CVE-2024-28249
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
Moderate
CVE-2024-21662
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Mar 18, 2024
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
Moderate
CVE-2024-21652
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Mar 18, 2024
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime
Moderate
CVE-2023-51699
was published
for
github.com/fluid-cloudnative/fluid
(Go)
Mar 15, 2024
Users with `create` but not `override` privileges can perform local sync
Moderate
CVE-2023-50726
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 15, 2024
1Panel is vulnerable to command injection
Moderate
CVE-2024-2352
was published
for
github.com/1Panel-dev/1Panel
(Go)
Mar 10, 2024
JWX vulnerable to a denial of service attack using compressed JWE message
Moderate
CVE-2024-28122
was published
for
github.com/lestrrat-go/jwx
(Go)
Mar 8, 2024
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Moderate
CVE-2024-28180
was published
for
github.com/go-jose/go-jose/v3
(Go)
Mar 7, 2024
Grafana's users with permissions to create a data source can CRUD all data sources
Moderate
CVE-2024-1442
was published
for
github.com/grafana/grafana
(Go)
Mar 7, 2024
Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials
Moderate
CVE-2024-28110
was published
for
github.com/cloudevents/sdk-go/v2
(Go)
Mar 6, 2024
1Panel open source panel project has an unauthorized vulnerability.
Moderate
CVE-2024-27288
was published
for
github.com/1Panel-dev/1Panel
(Go)
Mar 6, 2024
CasaOS Username Enumeration
Moderate
CVE-2024-24766
was published
for
github.com/IceWhaleTech/CasaOS-UserService
(Go)
Mar 6, 2024
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
Moderate
CVE-2024-24786
was published
for
google.golang.org/protobuf
(Go)
Mar 6, 2024
pgproto3 SQL Injection via Protocol Message Size Overflow
Moderate
GHSA-7jwh-3vrq-q3m8
was published
for
github.com/jackc/pgproto3
(Go)
Mar 4, 2024
pgx SQL Injection via Protocol Message Size Overflow
Moderate
CVE-2024-27304
was published
for
github.com/jackc/pgproto3
(Go)
Mar 4, 2024
pgx SQL Injection via Line Comment Creation
Moderate
CVE-2024-27289
was published
for
github.com/jackc/pgx
(Go)
Mar 4, 2024
Helm shows secrets in clear text
Moderate
CVE-2019-25210
was published
for
helm.sh/helm/v3
(Go)
Mar 3, 2024
Mattermost fails to limit the number of role names
Moderate
CVE-2024-1953
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost allows attackers access to posts in channels they are not a member of
Moderate
CVE-2024-1942
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost fails to check the "invite_guest" permission
Moderate
CVE-2024-1888
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost leaks details of AD/LDAP groups of a teams
Moderate
CVE-2024-23493
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost denial of service through long emoji value
Moderate
CVE-2024-24988
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost post fetching without auditing in compliance export
Moderate
CVE-2024-1887
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
http-swagger XSS via PUT requests
Moderate
CVE-2024-25712
was published
for
github.com/swaggo/http-swagger
(Go)
Feb 29, 2024
jose2go vulnerable to denial of service via large p2c value
Moderate
CVE-2023-50658
was published
for
github.com/dvsekhvalnov/jose2go
(Go)
Feb 29, 2024
ProTip!
Advisories are also available from the
GraphQL API