GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11 advisories

Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint Moderate
GHSA-3278-c88v-xrh4 was published for github.com/kong/kubernetes-ingress-controller (Go) May 19, 2026
Credited to bugbunny-research
Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service Moderate
CVE-2026-41181 was published for github.com/traefik/traefik/v2 (Go) May 4, 2026
Credited to lalalala5678
Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL High
CVE-2026-40161 was published for github.com/tektoncd/pipeline (Go) Apr 21, 2026
Credited to kodareef5, vdemeester, stenzopolis1986-art, and waveywaves
HashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization High
CVE-2026-4525 was published for github.com/hashicorp/vault (Go) Apr 17, 2026
Mattermost fails to preserve the redacted state of burn-on-read posts during deletion Moderate
CVE-2026-2578 was published for github.com/mattermost/mattermost-server (Go) Mar 16, 2026
Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users High
CVE-2026-27465 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026
Credited to prateek-0490
Mattermost doesn't restrict domains LLM can request to contact upstream Low
CVE-2025-31363 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response Moderate
CVE-2024-39315 was published for github.com/pomerium/pomerium (Go) Jul 5, 2024
Credited to Enr1g
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel Low
CVE-2023-3299 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
Credited to anonymous4ACL24
Answer vulnerable to Insertion of Sensitive Information Into Sent Data Moderate
CVE-2023-1975 was published for github.com/answerdev/answer (Go) Apr 11, 2023
Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information Into Sent Data in Calico Moderate
CVE-2020-13597 was published for github.com/projectcalico/calico (Go) Feb 15, 2022
Credited to richardfan0606 and luhring
ProTip! Advisories are also available from the GraphQL API