GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,047 advisories
Filter by severity
Hashicorp Nomad Incorrect Privilege Assignment vulnerability
Moderate
CVE-2024-12678
was published
for
github.com/hashicorp/nomad
(Go)
Dec 20, 2024
OpenShift Must Gather Operator Improper Input Validation vulnerability
High
CVE-2024-25131
was published
for
github.com/openshift/must-gather
(Go)
Dec 19, 2024
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service
High
GHSA-5pf6-cq2v-23ww
was published
for
github.com/clidey/whodb/core
(Go)
Dec 19, 2024
Non-linear parsing of case-insensitive content in golang.org/x/net/html
High
CVE-2024-45338
was published
for
golang.org/x/net
(Go)
Dec 18, 2024
age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
Moderate
GHSA-32gq-x56h-299c
was published
for
filippo.io/age
(Go)
Dec 18, 2024
Open Cluster Management vulnerable to Trust Boundary Violation
High
CVE-2024-9779
was published
for
open-cluster-management.io/ocm
(Go)
Dec 18, 2024
Traefik affected by CVE-2024-53259
Moderate
GHSA-hxr6-2p24-hf98
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 17, 2024
ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion
High
GHSA-8wcc-m6j2-qxvm
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Dec 16, 2024
MinIO vulnerable to privilege escalation in IAM import API
High
CVE-2024-55949
was published
for
github.com/minio/minio
(Go)
Dec 16, 2024
Mattermost Data Amplification vulnerability
Moderate
CVE-2024-54682
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 16, 2024
Mattermost Race Condition vulnerability
Moderate
CVE-2024-48872
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 16, 2024
Mattermost Improper Validation of Specified Type of Input vulnerability
Moderate
CVE-2024-54083
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 16, 2024
Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
Moderate
CVE-2024-12289
was published
for
github.com/hashicorp/boundary
(Go)
Dec 13, 2024
Beego has Collision Hazards of MD5 in Cache Key Filenames
Moderate
CVE-2024-55885
was published
for
github.com/beego/beego
(Go)
Dec 12, 2024
Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy
High
GHSA-7prj-hgx4-2xc3
was published
for
github.com/ryanbekhen/nanoproxy
(Go)
Dec 12, 2024
Duplicate Advisory: cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs
Moderate
CVE-2024-12401
was published
for
github.com/cert-manager/cert-manager
(Go)
Dec 12, 2024
•
withdrawn
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Critical
CVE-2024-45337
was published
for
golang.org/x/crypto
(Go)
Dec 11, 2024
SiYuan has an arbitrary file read via /api/template/render
High
CVE-2024-55657
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
SiYuan has an arbitrary file read and path traversal via /api/export/exportResources
High
CVE-2024-55658
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
SiYuan has an arbitrary file write in the host via /api/asset/upload
High
CVE-2024-55659
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
SiYuan has an SSTI via /api/template/renderSprig
Moderate
CVE-2024-55660
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
kcp's impersonation allows access to global administrative groups
Moderate
GHSA-c7xh-gjv4-4jgv
was published
for
github.com/kcp-dev/kcp
(Go)
Dec 11, 2024
CosmWasm VM Incorrect metering
Moderate
GHSA-2q97-m5rc-p3gp
was published
for
cosmwasm-vm
(Go)
Dec 10, 2024
Panic in wasmvm can slow down block production
Moderate
GHSA-vmqh-5232-v43r
was published
for
cosmwasm-vm
(Go)
Dec 10, 2024
Simulation of Wasmd message can cause crashing
Low
GHSA-vmg2-r3xv-r3xf
was published
for
github.com/CosmWasm/wasmd
(Go)
Dec 10, 2024
ProTip!
Advisories are also available from the
GraphQL API