
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,889 advisories

RBAC Roles for `etcd` created by Kamaji are not disjunct High
CVE-2024-42480 was published for github.com/clastix/kamaji (Go) Aug 12, 2024
SimonKienzler prometherion
Apache Answer: The link to reset the user's password will remain valid after sending a new link Moderate
CVE-2024-41890 was published for github.com/apache/incubator-answer (Go) Aug 12, 2024
Apache Answer: The link for resetting user password is not Single-Use Moderate
CVE-2024-41888 was published for github.com/apache/incubator-answer (Go) Aug 12, 2024
OpenFGA Authorization Bypass High
CVE-2024-42473 was published for github.com/openfga/openfga (Go) Aug 9, 2024
sidneibjunior
CosmWasm wasmd has large address count in ValidateBasic Low
GHSA-m3rh-cvr5-x6q4 was published for github.com/CosmWasm/wasmd (Go) Aug 8, 2024
sushiwushi
Gas mispricing in cosmwasm-vm Moderate
GHSA-rg2q-2jh9-447q was published for cosmwasm-vm (Go) Aug 8, 2024
unknownfeature
Gorush uses deprecated TLS versions Moderate
CVE-2024-41270 was published for github.com/appleboy/gorush (Go) Aug 6, 2024
Gitea Cross-site Scripting Vulnerability Critical
CVE-2024-6886 was published for code.gitea.io/gitea (Go) Aug 6, 2024
rudder-server is vulnerable to SQL injection High
CVE-2023-30625 was published for github.com/rudderlabs/rudder-server (Go) Aug 5, 2024
CasaOS Command Injection vulnerability High
CVE-2023-37469 was published for github.com/IceWhaleTech/CasaOS (Go) Aug 5, 2024
Owncast Path Traversal vulnerability Low
CVE-2024-31450 was published for github.com/owncast/owncast (Go) Aug 5, 2024
Meshery SQL Injection vulnerability Moderate
CVE-2024-35181 was published for github.com/layer5io/meshery (Go) Aug 5, 2024
Meshery SQL Injection vulnerability Moderate
CVE-2024-35182 was published for github.com/layer5io/meshery (Go) Aug 5, 2024
gotortc Cross-site Scripting vulnerability Moderate
CVE-2024-29191 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
gotortc Cross-site Scripting vulnerability Moderate
CVE-2024-29193 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
gotortc vulnerable to Cross-Site Request Forgery High
CVE-2024-29192 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta Moderate
CVE-2024-29028 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting Moderate
CVE-2024-29029 was published for github.com/usememos/memos (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /api/resource Moderate
CVE-2024-29030 was published for github.com/usememos/memos (Go) Aug 5, 2024
Meshery SQL Injection vulnerability High
CVE-2024-29031 was published for github.com/layer5io/meshery (Go) Aug 5, 2024
RobotsAndPencils go-saml authentication bypass vulnerability High
CVE-2023-48703 was published for github.com/RobotsAndPencils/go-saml (Go) Aug 5, 2024
Owncast Cross-Site Request Forgery vulnerability High
CVE-2024-29026 was published for github.com/owncast/owncast (Go) Aug 5, 2024
lorawan-stack Open Redirect vulnerability Moderate
CVE-2023-26494 was published for go.thethings.network/lorawan-stack/v3 (Go) Aug 5, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm High
GHSA-6vjm-54vp-mxhx was published for github.com/juju/juju (Go) Aug 5, 2024
phvalguima manadart
SimonRichardson hpidcock lucistanescu eslerm
Kubean vulnerable to cluster-level privilege escalation Moderate
CVE-2024-41820 was published for github.com/kubean-io/kubean (Go) Aug 5, 2024
younaman