GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

897 advisories

Coder vulnerable to privilege escalation could lead to a cross workspace compromise High
CVE-2025-58437 was published for github.com/coder/coder/v2 (Go) Sep 5, 2025
johnstcn
podman kube play symlink traversal vulnerability High
CVE-2025-9566 was published for github.com/containers/podman/v4 (Go) Sep 4, 2025
Luap99
Soft Serve vulnerable to arbitrary file writing through SSH API High
CVE-2025-58355 was published for github.com/charmbracelet/soft-serve (Go) Sep 2, 2025
msanft caarlos0
gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm High
CVE-2025-58157 was published for github.com/consensys/gnark (Go) Aug 29, 2025
Harness Allows Arbitrary File Write in Gitness LFS server High
CVE-2025-58158 was published for github.com/harness/gitness (Go) Aug 29, 2025
TheKavorka
gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks High
CVE-2025-57801 was published for github.com/consensys/gnark (Go) Aug 22, 2025
sunyxedu A7um
XlabAITeam zL1nX
HashiCorp go-getter Vulnerable to Symlink Attacks High
CVE-2025-8959 was published for github.com/hashicorp/go-getter (Go) Aug 15, 2025
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text High
CVE-2024-52284 was published for github.com/rancher/fleet (Go) Aug 29, 2025
Versity panic induced by AWS chunked data sent to port High
GHSA-v2ch-c8v8-fgr7 was published for github.com/versity/versitygw (Go) Aug 29, 2025
tonyipm
HashiCorp Vault Community Edition Denial of Service Through Complex JSON Payloads High
CVE-2025-6203 was published for github.com/hashicorp/vault (Go) Aug 28, 2025
Rancher affected by unauthenticated Denial of Service High
CVE-2024-58259 was published for github.com/rancher/rancher (Go) Aug 29, 2025
Contrast leaks workload secrets to logs on INFO level High
GHSA-vxg3-w9rv-rhr2 was published for github.com/edgelesssys/contrast (Go) Aug 28, 2025
katexochen
gopkg.in/yaml.v3 Denial of Service High
CVE-2022-28948 was published for gopkg.in/yaml.v3 (Go) May 20, 2022
fourdim thediveo
n-bes
simple-admin-core SQL Injection vulnerability High
CVE-2025-51667 was published for github.com/suyuan32/simple-admin-core (Go) Aug 27, 2025
go-git clients vulnerable to DoS via maliciously crafted Git server replies High
CVE-2025-21614 was published for github.com/go-git/go-git (Go) Jan 6, 2025
bdilalu
1Panel agent certificate verification bypass leading to arbitrary command execution High
CVE-2025-54424 was published for github.com/1Panel-dev/1Panel/core (Go) Aug 1, 2025
lizicoco
Juju allows arbitrary executable uploads via authenticated endpoint without authorization High
CVE-2025-0928 was published for github.com/juju/juju (Go) Jul 9, 2025
tlm wallyworld
hpidcock Fedqys
Juju zip slip vulnerability via authenticated endpoint High
CVE-2025-53513 was published for github.com/juju/juju (Go) Jul 9, 2025
wallyworld hpidcock
Duplicate Advisory: Juju makes Use of Weak Credentials High
GHSA-phh4-3hmm-24rx was published for github.com/juju/juju (Go) Oct 2, 2024 withdrawn
Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022 withdrawn
joshbressers
Cosmos SDK: x/group can halt when erroring in EndBlocker High
GHSA-47ww-ff84-4jrg was published for github.com/cosmos/cosmos-sdk (Go) Mar 12, 2025
External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access High
CVE-2025-55196 was published for github.com/external-secrets/external-secrets (Go) Aug 13, 2025
gracedo moolen
Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout High
CVE-2025-53634 was published for github.com/ctfer-io/chall-manager (Go) Jul 10, 2025
Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive High
CVE-2025-53632 was published for github.com/ctfer-io/chall-manager (Go) Jul 10, 2025
Capsule tenant owner with "patch namespace" permission can hijack system namespaces High
CVE-2024-39690 was published for github.com/projectcapsule/capsule (Go) Aug 20, 2024
sparkEchooo
ProTip! Advisories are also available from the GraphQL API