Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

58 advisories

Loading
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec Moderate
CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
MinIO information disclosure vulnerability Moderate
CVE-2024-36107 was published for github.com/minio/minio (Go) May 29, 2024
stefansundin shtripat
Dapr API Token Exposure Moderate
CVE-2024-35223 was published for github.com/dapr/dapr (Go) May 22, 2024
elena-kolevska artursouza
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins Moderate
CVE-2022-39201 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana User enumeration via forget password Moderate
CVE-2022-39307 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins Moderate
CVE-2022-31130 was published for github.com/grafana/grafana (Go) May 14, 2024
joaxcar
Zitadel exposing internal database user name and host information Moderate
CVE-2024-32967 was published for github.com/zitadel/zitadel (Go) May 1, 2024
stiwari99 fforootd
livio-a
Navidrome Parameter Tampering vulnerability Moderate
CVE-2024-32963 was published for github.com/navidrome/navidrome (Go) May 1, 2024
viliald
Mattermost's detailed error messages reveal the full file path Moderate
CVE-2024-32046 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Information disclosure in podman Moderate
CVE-2020-14370 was published for github.com/containers/podman/v2 (Go) Apr 24, 2024
Minder GetRepositoryByName data leak Moderate
CVE-2024-31455 was published for github.com/stacklok/minder (Go) Apr 9, 2024
eleftherias
Helm shows secrets in clear text Moderate
CVE-2019-25210 was published for helm.sh/helm/v3 (Go) Mar 3, 2024
oscerd
Mattermost leaks details of AD/LDAP groups of a teams Moderate
CVE-2024-23493 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
containerd environment variable leak Moderate
CVE-2021-21334 was published for github.com/containerd/containerd (Go) Jan 31, 2024
Enumeration of users in HashiCorp Vault Moderate
CVE-2020-35177 was published for github.com/hashicorp/vault (Go) Jan 31, 2024
Grafana Arbitrary File Read Moderate
CVE-2019-19499 was published for github.com/grafana/grafana/pkg/tsdb/mysql (Go) Jan 31, 2024
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-44312 was published for github.com/apache/servicecomb-service-center (Go) Jan 31, 2024
CubeFS leaks magic secret key when starting Blobstore access service Moderate
CVE-2023-46741 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
Mattermost notified all users in the channel when using WebSockets to respond individually Moderate
CVE-2023-48732 was published for github.com/mattermost/mattermost-server/v6 (Go) Jan 2, 2024
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-6459 was published for github.com/mattermost/mattermost-server/v6 (Go) Dec 6, 2023
github.com/go-resty/resty/v2 HTTP request body disclosure Moderate
CVE-2023-45286 was published for github.com/go-resty/resty/v2 (Go) Nov 28, 2023
shanduur Kryvchun
billinghamj deerbone neilgierman hansmi
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-45223 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-43754 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name Moderate
CVE-2023-46254 was published for github.com/projectcapsule/capsule (Go) Nov 7, 2023
mtheeren-asml prometherion
ProTip! Advisories are also available from the GraphQL API