GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,480 advisories

Rancher Fleet Helm Values are stored inside BundleDeployment in plain text High
CVE-2024-52284 was published for github.com/rancher/fleet (Go) Aug 29, 2025
github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks Moderate
CVE-2025-47909 was published for github.com/gorilla/csrf (Go) Aug 29, 2025
gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm High
CVE-2025-58157 was published for github.com/consensys/gnark (Go) Aug 29, 2025
Harness Allows Arbitrary File Write in Gitness LFS server High
CVE-2025-58158 was published for github.com/harness/gitness (Go) Aug 29, 2025
TheKavorka
Versity panic induced by AWS chunked data sent to port High
GHSA-v2ch-c8v8-fgr7 was published for github.com/versity/versitygw (Go) Aug 29, 2025
tonyipm
Rancher affected by unauthenticated Denial of Service High
CVE-2024-58259 was published for github.com/rancher/rancher (Go) Aug 29, 2025
HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads High
CVE-2025-6203 was published for github.com/hashicorp/vault (Go) Aug 28, 2025
github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives Moderate
CVE-2025-58058 was published for github.com/ulikunitz/xz (Go) Aug 28, 2025
Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token Low
GHSA-3rw9-wmc8-8948 was published for github.com/coder/coder/v2 (Go) Aug 28, 2025
spikecurtis
Contrast leaks workload secrets to logs on INFO level High
GHSA-vxg3-w9rv-rhr2 was published for github.com/edgelesssys/contrast (Go) Aug 28, 2025
katexochen
NeuVector admin account has insecure default password Critical
CVE-2025-8077 was published for github.com/neuvector/neuvector (Go) Aug 28, 2025
NeuVector process with sensitive arguments lead to leakage Moderate
CVE-2025-54467 was published for github.com/neuvector/neuvector (Go) Aug 28, 2025
NeuVector has an insecure password storage vulnerable to rainbow attack Moderate
CVE-2025-53884 was published for github.com/neuvector/neuvector (Go) Aug 28, 2025
Kubernetes Nodes can delete themselves by adding an OwnerReference Moderate
CVE-2025-5187 was published for k8s.io/kubernetes (Go) Aug 27, 2025
simple-admin-core SQL Injection vulnerability High
CVE-2025-51667 was published for github.com/suyuan32/simple-admin-core (Go) Aug 27, 2025
traQ Allows Insertion of Sensitive Information into Log File Moderate
CVE-2025-57813 was published for github.com/traPtitech/traQ (Go) Aug 26, 2025
ras0q
gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks High
CVE-2025-57801 was published for github.com/consensys/gnark (Go) Aug 22, 2025
sunyxedu A7um
XlabAITeam zL1nX
Dpanel has an arbitrary file read vulnerability Moderate
CVE-2025-53363 was published for github.com/donknap/dpanel (Go) Aug 22, 2025
LTLTLXEY
Mattermost has Potential Server Crash due to Unvalidated Import Data Moderate
CVE-2025-8402 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Sanitize File Names Moderate
CVE-2025-6465 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data Moderate
GHSA-2464-8j7c-4cjm was published for github.com/go-viper/mapstructure/v2 (Go) Aug 21, 2025
cipherboy
Mattermost Fails to Sanitize Path Traversal Sequences Moderate
CVE-2025-8023 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Validate Remote Cluster Upload Sessions Moderate
CVE-2025-49222 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Validate File Paths Moderate
CVE-2025-36530 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Properly Validate Team Role Modification Low
CVE-2025-53971 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025