GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,889 advisories
Filter by severity
Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams
Moderate
CVE-2024-42497
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL
Low
CVE-2024-40884
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
memos CORS Misconfiguration in server.go (GHSL-2024-034)
High
CVE-2024-41659
was published
for
github.com/usememos/memos
(Go)
Aug 22, 2024
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036)
Moderate
CVE-2024-41658
was published
for
github.com/casdoor/casdoor
(Go)
Aug 22, 2024
Casdoor CORS misconfiguration (GHSL-2024-035)
High
CVE-2024-41657
was published
for
github.com/casdoor/casdoor
(Go)
Aug 22, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
High
CVE-2024-42490
was published
for
goauthentik.io
(Go)
Aug 22, 2024
Mattermost allows remote/synthetic users to create sessions, reset passwords
Moderate
CVE-2024-39836
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost doesn't restrict which roles can promote a user as system admin
Moderate
CVE-2024-8071
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost doesn't redact remote users' original email addresses
Moderate
CVE-2024-32939
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost Cross-Site Request Forgery vulnerability
Moderate
CVE-2024-40886
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
CWA-2024-006: wasmd non-deterministic module_query_safe query
Moderate
GHSA-fpgj-cr28-fvpx
was published
for
github.com/CosmWasm/wasmd
(Go)
Aug 21, 2024
CWA-2024-005: Stackoverflow in wasmd
High
GHSA-g8w7-7vgg-x7xg
was published
for
github.com/CosmWasm/wasmd
(Go)
Aug 21, 2024
Openshift Console insufficient entropy vulnerability
High
CVE-2024-6508
was published
for
github.com/openshift/console
(Go)
Aug 21, 2024
Kanister vulnerable to cluster-level privilege escalation
High
CVE-2024-43403
was published
for
github.com/kanisterio/kanister
(Go)
Aug 20, 2024
LF Edge eKuiper has a SQL Injection in sqlKvStore
High
CVE-2024-43406
was published
for
ekuiper
(Go)
Aug 20, 2024
Capsule tenant owner with "patch namespace" permission can hijack system namespaces
High
CVE-2024-39690
was published
for
github.com/projectcapsule/capsule
(Go)
Aug 20, 2024
Grafana plugin data sources vulnerable to access control bypass
Moderate
CVE-2024-6322
was published
for
github.com/grafana/grafana
(Go)
Aug 20, 2024
Trufflehog vulnerable to Blind SSRF in some Detectors
Low
CVE-2024-43379
was published
for
github.com/trufflesecurity/trufflehog/v3
(Go)
Aug 19, 2024
Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API
Moderate
CVE-2024-42486
was published
for
github.com/cilium/cilium
(Go)
Aug 16, 2024
Gateway API route matching order contradicts specification
Moderate
CVE-2024-42487
was published
for
github.com/cilium/cilium
(Go)
Aug 15, 2024
Policy bypass for Host Firewall policy due to race condition in Cilium agent
Moderate
CVE-2024-42488
was published
for
github.com/cilium/cilium
(Go)
Aug 15, 2024
SQL injection in github.com/stashapp/stash
Critical
CVE-2024-32231
was published
for
github.com/stashapp/stash
(Go)
Aug 15, 2024
Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
Moderate
CVE-2024-7625
was published
for
github.com/hashicorp/nomad
(Go)
Aug 15, 2024
Cosmos Hub (Gaia): The check for the height of cryptographic equivocation evidence is missing
Moderate
GHSA-83qr-9v2h-qxp4
was published
for
github.com/cosmos/gaia
(Go)
Aug 14, 2024
open-telemetry has an Observable Timing Discrepancy
Moderate
CVE-2024-42368
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
(Go)
Aug 13, 2024
ProTip!
Advisories are also available from the
GraphQL API