GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
935 advisories
Filter by severity
Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill
Moderate
CVE-2024-8462
was published
for
github.com/windmill-labs/windmill
(Go)
Sep 5, 2024
Nuclei Template Signature Verification Bypass
Moderate
CVE-2024-43405
was published
for
github.com/projectdiscovery/nuclei/v3
(Go)
Sep 4, 2024
The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD
Moderate
CVE-2024-43803
was published
for
github.com/metal3-io/baremetal-operator
(Go)
Sep 3, 2024
runc can be confused to create empty files/directories on the host
Moderate
CVE-2024-45310
was published
for
github.com/opencontainers/runc
(Go)
Sep 3, 2024
Vault Leaks Client Token and Token Accessor in Audit Devices
Moderate
CVE-2024-8365
was published
for
github.com/hashicorp/vault
(Go)
Sep 2, 2024
OPA for Windows has an SMB force-authentication vulnerability
Moderate
CVE-2024-8260
was published
for
github.com/open-policy-agent/opa
(Go)
Aug 30, 2024
Hwameistor Potential Permission Leakage of Cluster Level
Moderate
CVE-2024-45054
was published
for
github.com/hwameistor/hwameistor
(Go)
Aug 29, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Moderate
CVE-2024-45043
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
(Go)
Aug 29, 2024
CWA-2023-004: Excessive number of function parameters in compiled Wasm
Moderate
GHSA-75qh-gg76-p2w4
was published
for
cosmwasm-vm
(Go)
Aug 27, 2024
req may send an unintended request when a malformed URL is provided
Moderate
CVE-2024-45258
was published
for
github.com/imroc/req
(Go)
Aug 26, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate
CVE-2024-45244
was published
for
github.com/hyperledger/fabric
(Go)
Aug 25, 2024
Mattermost Plugin Channel Export excessive resource consumption
Moderate
CVE-2024-43105
was published
for
github.com/mattermost/mattermost-plugin-channel-export
(Go)
Aug 23, 2024
Mattermost allows guest user with read access to upload files to a channel
Moderate
CVE-2024-43780
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL
Moderate
CVE-2024-40884
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036)
Moderate
CVE-2024-41658
was published
for
github.com/casdoor/casdoor
(Go)
Aug 22, 2024
Mattermost Cross-Site Request Forgery vulnerability
Moderate
CVE-2024-40886
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost doesn't restrict which roles can promote a user as system admin
Moderate
CVE-2024-8071
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost doesn't redact remote users' original email addresses
Moderate
CVE-2024-32939
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost allows remote/synthetic users to create sessions, reset passwords
Moderate
CVE-2024-39836
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
CWA-2024-006: wasmd non-deterministic module_query_safe query
Moderate
GHSA-fpgj-cr28-fvpx
was published
for
github.com/CosmWasm/wasmd
(Go)
Aug 21, 2024
Openshift Console insufficient entropy vulnerability
Moderate
CVE-2024-6508
was published
for
github.com/openshift/console
(Go)
Aug 21, 2024
Withdrawn Advisory: Kanister vulnerable to cluster-level privilege escalation
Moderate
CVE-2024-43403
was published
for
github.com/kanisterio/kanister
(Go)
Aug 20, 2024
•
withdrawn
Grafana plugin data sources vulnerable to access control bypass
Moderate
CVE-2024-6322
was published
for
github.com/grafana/grafana
(Go)
Aug 20, 2024
Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API
Moderate
CVE-2024-42486
was published
for
github.com/cilium/cilium
(Go)
Aug 16, 2024
Gateway API route matching order contradicts specification
Moderate
CVE-2024-42487
was published
for
github.com/cilium/cilium
(Go)
Aug 15, 2024
ProTip!
Advisories are also available from the
GraphQL API