GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
663 advisories
Filter by severity
Path traversal and dereference of symlinks in Argo CD
High
CVE-2022-24348
was published
for
github.com/argoproj/argo-cd
(Go)
Feb 7, 2022
Argo CD Insecure default administrative password
High
CVE-2020-8828
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 26, 2021
Improper Restriction of Excessive Authentication Attempts in Argo API
High
CVE-2020-8827
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 26, 2021
cortex establishes TLS connections with `InsecureSkipVerify` set to `true`
High
CVE-2024-41265
was published
for
github.com/cortexproject/cortex
(Go)
Aug 1, 2024
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel
High
CVE-2024-39274
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost failed to disallow the modification of local users when syncing users in shared channels
High
CVE-2024-36492
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Filestash skips TLS certificate verification process when sending out email verification codes
High
CVE-2024-41256
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
Filestash configured to skip TLS certificate verification when using the FTPS protocol
High
CVE-2024-41255
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests
High
CVE-2024-41956
was published
for
github.com/charmbracelet/soft-serve
(Go)
Aug 2, 2024
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394
was published
for
github.com/golang-fips/go
(Go)
Mar 20, 2024
github.com/containers/image allows unexpected authenticated registry accesses
High
CVE-2024-3727
was published
for
github.com/containers/image
(Go)
May 14, 2024
fabedge has insecure permissions
High
CVE-2024-36536
was published
for
github.com/fabedge/fabedge
(Go)
Jul 24, 2024
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
High
CVE-2024-41121
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
High
CVE-2024-40634
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 22, 2024
NetBird uses a static initialization vector (IV)
High
CVE-2024-41260
was published
for
github.com/netbirdio/netbird
(Go)
Aug 1, 2024
Woodpecker's custom environment variables allow to alter execution flow of plugins
High
CVE-2024-41122
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
AdGuardHome privilege escalation vulnerability
High
CVE-2024-36586
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Jun 13, 2024
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
High
CVE-2023-32194
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
Rancher 'Audit Log' leaks sensitive information
High
CVE-2023-22649
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
High
CVE-2024-29891
was published
for
github.com/zitadel/zitadel
(Go)
Mar 28, 2024
snapd Race Condition vulnerability
High
CVE-2022-3328
was published
for
github.com/snapcore/snapd
(Go)
Jan 8, 2024
Grafana Stored Cross-site Scripting in Unified Alerting
High
CVE-2022-31097
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
High
CVE-2024-28197
was published
for
github.com/zitadel/zitadel
(Go)
Mar 11, 2024
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
High
CVE-2021-25318
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
ProTip!
Advisories are also available from the
GraphQL API