Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

691 advisories

Loading
Meshery SQL Injection vulnerability High
CVE-2024-29031 was published for github.com/layer5io/meshery (Go) Aug 5, 2024
Owncast Cross-Site Request Forgery vulnerability High
CVE-2024-29026 was published for github.com/owncast/owncast (Go) Aug 5, 2024
RobotsAndPencils go-saml authentication bypass vulnerability High
CVE-2023-48703 was published for github.com/RobotsAndPencils/go-saml (Go) Aug 5, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm High
GHSA-6vjm-54vp-mxhx was published for github.com/juju/juju (Go) Aug 5, 2024
phvalguima manadart
SimonRichardson hpidcock lucistanescu eslerm
soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests High
CVE-2024-41956 was published for github.com/charmbracelet/soft-serve (Go) Aug 2, 2024
caarlos0 aymanbagabas
hdm deadpixi
NetBird uses a static initialization vector (IV) High
CVE-2024-41260 was published for github.com/netbirdio/netbird (Go) Aug 1, 2024
cortex establishes TLS connections with `InsecureSkipVerify` set to `true` High
CVE-2024-41265 was published for github.com/cortexproject/cortex (Go) Aug 1, 2024
Mattermost allows unsolicited invites to expose access to local channels High
CVE-2024-39777 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel High
CVE-2024-39274 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost failed to disallow the modification of local users when syncing users in shared channels High
CVE-2024-36492 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Beego privilege escalation vulnerability High
CVE-2024-40465 was published for github.com/beego/beego/v2 (Go) Jul 31, 2024
Beego privilege escalation vulnerability High
CVE-2024-40464 was published for github.com/beego/beego/v2 (Go) Jul 31, 2024
Filestash skips TLS certificate verification process when sending out email verification codes High
CVE-2024-41256 was published for github.com/mickael-kerjean/filestash (Go) Jul 31, 2024
Filestash configured to skip TLS certificate verification when using the FTPS protocol High
CVE-2024-41255 was published for github.com/mickael-kerjean/filestash (Go) Jul 31, 2024
Duplicate Advisory: Juju leaks of the sensitive context ID High
GHSA-8c64-q78q-87r6 was published for github.com/juju/juju (Go) Jul 29, 2024 withdrawn
fabedge has insecure permissions High
CVE-2024-36536 was published for github.com/fabedge/fabedge (Go) Jul 24, 2024
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint High
CVE-2024-40634 was published for github.com/argoproj/argo-cd (Go) Jul 22, 2024
jake-ciolek crenshaw-dev
pasha-codefresh
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable High
CVE-2024-41121 was published for go.woodpecker-ci.org/woodpecker (Go) Jul 19, 2024
Woodpecker's custom environment variables allow to alter execution flow of plugins High
CVE-2024-41122 was published for go.woodpecker-ci.org/woodpecker (Go) Jul 19, 2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution High
CVE-2024-41111 was published for github.com/bishopfox/sliver (Go) Jul 18, 2024
hyperreality
projectdiscovery/nuclei allows unsigned code template execution through workflows High
CVE-2024-40641 was published for github.com/projectdiscovery/nuclei/v3 (Go) Jul 17, 2024
Ovi3
Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions High
CVE-2024-6468 was published for github.com/hashicorp/vault (Go) Jul 11, 2024
westonsteimel
Evmos vulnerable to exploit of smart contract account and vesting High
CVE-2024-39696 was published for github.com/evmos/evmos/v18 (Go) Jul 10, 2024
GAtom22
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes High
CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go) Jul 5, 2024
MWedl
Gogs allows argument injection during the tagging of a new release High
CVE-2024-39933 was published for github.com/gogs/gogs (Go) Jul 4, 2024
ProTip! Advisories are also available from the GraphQL API