GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
58 advisories
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Moderate | CVE-2024-22032 was published for github.com/rancher/rancher (Go) | Jun 17, 2024

Docker CLI leaks private registry credentials to registry-1.docker.io
Moderate | CVE-2021-41092 was published for github.com/docker/cli (Go) | Jun 10, 2024

MinIO information disclosure vulnerability
Moderate | CVE-2024-36107 was published for github.com/minio/minio (Go) | May 29, 2024

Dapr API Token Exposure
Moderate | CVE-2024-35223 was published for github.com/dapr/dapr (Go) | May 22, 2024

Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Moderate | CVE-2022-39201 was published for github.com/grafana/grafana (Go) | May 14, 2024

Grafana User enumeration via forget password
Moderate | CVE-2022-39307 was published for github.com/grafana/grafana (Go) | May 14, 2024

Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Moderate | CVE-2022-31130 was published for github.com/grafana/grafana (Go) | May 14, 2024

Zitadel exposing internal database user name and host information
Moderate | CVE-2024-32967 was published for github.com/zitadel/zitadel (Go) | May 1, 2024

Navidrome Parameter Tampering vulnerability
Moderate | CVE-2024-32963 was published for github.com/navidrome/navidrome (Go) | May 1, 2024

Mattermost's detailed error messages reveal the full file path
Moderate | CVE-2024-32046 was published for github.com/mattermost/mattermost-server (Go) | Apr 26, 2024

Information disclosure in podman
Moderate | CVE-2020-14370 was published for github.com/containers/podman/v2 (Go) | Apr 24, 2024

Minder GetRepositoryByName data leak
Moderate | CVE-2024-31455 was published for github.com/stacklok/minder (Go) | Apr 9, 2024

Helm shows secrets in clear text
Moderate | CVE-2019-25210 was published for helm.sh/helm/v3 (Go) | Mar 3, 2024

Mattermost leaks details of AD/LDAP groups of a teams
Moderate | CVE-2024-23493 was published for github.com/mattermost/mattermost/server/v8 (Go) | Feb 29, 2024

containerd environment variable leak
Moderate | CVE-2021-21334 was published for github.com/containerd/containerd (Go) | Jan 31, 2024

Enumeration of users in HashiCorp Vault
Moderate | CVE-2020-35177 was published for github.com/hashicorp/vault (Go) | Jan 31, 2024

Grafana Arbitrary File Read
Moderate | CVE-2019-19499 was published for github.com/grafana/grafana/pkg/tsdb/mysql (Go) | Jan 31, 2024

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate | CVE-2023-44312 was published for github.com/apache/servicecomb-service-center (Go) | Jan 31, 2024

CubeFS leaks magic secret key when starting Blobstore access service
Moderate | CVE-2023-46741 was published for github.com/cubefs/cubefs (Go) | Jan 3, 2024

Mattermost notified all users in the channel when using WebSockets to respond individually
Moderate | CVE-2023-48732 was published for github.com/mattermost/mattermost-server/v6 (Go) | Jan 2, 2024

Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate | CVE-2023-6459 was published for github.com/mattermost/mattermost-server/v6 (Go) | Dec 6, 2023

github.com/go-resty/resty/v2 HTTP request body disclosure
Moderate | CVE-2023-45286 was published for github.com/go-resty/resty/v2 (Go) | Nov 28, 2023

Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate | CVE-2023-45223 was published for github.com/mattermost/mattermost-server/v6 (Go) | Nov 27, 2023

Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate | CVE-2023-43754 was published for github.com/mattermost/mattermost-server/v6 (Go) | Nov 27, 2023

capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name
Moderate | CVE-2023-46254 was published for github.com/projectcapsule/capsule (Go) | Nov 7, 2023
ProTip! Advisories are also available from the GraphQL API.