Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure Low
CVE-2026-45683 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias and grcevski grcevski grcevski
Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback Low
CVE-2026-34969 was published for github.com/nhost/nhost (Go) Apr 1, 2026
0xkakash1 Credited to 0xkakash1
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output Low
GHSA-j5vm-7qcc-2wwg was published for github.com/kopia/kopia (Go) Apr 10, 2024
Mattermost incorrectly allows access individual posts Low
CVE-2024-1952 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost race condition Low
CVE-2024-1949 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
uTLS has a fingerprint vulnerability from missing padding extension for Chrome 120 Low
CVE-2026-26995 was published for github.com/refraction-networking/utls (Go) Feb 18, 2026
Gitea improperly exposes issue and pull request titles Low
CVE-2026-20800 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Atlantis Exposes Service Version Publicly on /status API Endpoint Low
CVE-2025-58445 was published for github.com/runatlantis/atlantis (Go) Sep 5, 2025
matthewmrichter Credited to matthewmrichter
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8 Low
GHSA-wpr2-j6gr-pjw9 was published for github.com/opentofu/opentofu (Go) Oct 3, 2024
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go Low
GHSA-xr7q-jx4m-x55m was published for google.golang.org/grpc (Go) Jul 5, 2024
Container build can leak any path on the host into the container Low
GHSA-vp35-85q5-9f25 was published for github.com/docker/docker (Go) Nov 11, 2022
leonwxqian Credited to leonwxqian, corhere, and neersighted corhere corhere
neersighted neersighted
Grafana Forward OAuth Identity Token can allow users to access some data sources Low
CVE-2022-21673 was published for github.com/grafana/grafana (Go) May 14, 2024
mxalis Credited to mxalis
Caddy allows enumeration of Certificates and Hostnames Low
CVE-2018-19148 was published for github.com/caddyserver/caddy (Go) May 14, 2022
etcd Key name can be accessed via LeaseTimeToLive API Low
CVE-2023-32082 was published for github.com/etcd-io/etcd (Go) May 12, 2023
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling Low
CVE-2023-34242 was published for github.com/cilium/cilium (Go) Jun 16, 2023
meyskens Credited to meyskens and bayandin bayandin bayandin
Traefik may display authorization header in the debug logs Low
CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF Low
CVE-2022-41925 was published for tailscale.com/cmd (Go) Nov 21, 2022
emilytrau Credited to emilytrau and JJJollyjim JJJollyjim JJJollyjim
Exposure of SSH credentials in Rancher/Fleet Low
GHSA-wm2r-rp98-8pmh was published for github.com/rancher/rancher (Go) Apr 27, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database