GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14 advisories

Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint Moderate
CVE-2026-34388 was published for github.com/fleetdm/fleet/v4 (Go) Mar 30, 2026
Credited to fuzzztf
malcontent: Nested archive extraction failure can drop content from scan inputs Moderate
CVE-2026-28407 was published for github.com/chainguard-dev/malcontent (Go) Feb 28, 2026
Credited to 1seal and egibs
CometBFT has inconsistencies between how commit signatures are verified and how block time is derived High
GHSA-c32p-wcqj-j677 was published for github.com/cometbft/cometbft (Go) Jan 23, 2026
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation Moderate
CVE-2025-64435 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
Credited to mihailkirov and Faeris95
Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook High
CVE-2025-59538 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 30, 2025
Credited to jake-ciolek, crenshaw-dev, and blakepettersson
Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload High
CVE-2025-59531 was published for github.com/argoproj/argo-cd (Go) Sep 30, 2025
Credited to jake-ciolek, crenshaw-dev, and blakepettersson
CometBFT allows a malicious peer to make node stuck in blocksync Moderate
CVE-2025-24371 was published for github.com/cometbft/cometbft (Go) Feb 3, 2025
Credited to unknownfeature
notation-go has an OS error when setting CRL cache leads to denial of signature verification Low
CVE-2024-51491 was published for github.com/notaryproject/notation-go (Go) Jan 13, 2025
Credited to Faeris95, JeyJeyGao, and shizhMSFT
Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions High
CVE-2024-6468 was published for github.com/hashicorp/vault (Go) Jul 11, 2024
Credited to westonsteimel
Kubelet Incorrect Privilege Assignment Moderate
CVE-2019-11245 was published for k8s.io/kubernetes/cmd/kubelet (Go) Apr 24, 2024
HashiCorp Vault does not correctly validate OCSP responses Moderate
CVE-2024-2660 was published for github.com/hashicorp/vault (Go) Apr 4, 2024
VTAdmin users that can create shards can deny access to other functions Moderate
CVE-2023-29195 was published for vitess.io/vitess (Go) May 11, 2023
Credited to AdamKorcz and ajm188
vitess allows users to create keyspaces that can deny access to already existing keyspaces Moderate
CVE-2023-29194 was published for vitess.io/vitess (Go) Apr 11, 2023
Credited to AdamKorcz and ajm188
Denial of service in Open Policy Agent High
CVE-2022-33082 was published for github.com/open-policy-agent/opa (Go) Jul 1, 2022
Credited to srenatus and kurt-r2c