Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,876
Erlang
37
GitHub Actions
37
Go
2,526
Maven
5,000+
npm
4,189
NuGet
742
pip
3,968
Pub
12
RubyGems
947
Rust
1,030
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,526 advisories

Loading
Mattermost Open Redirect vulnerability High
CVE-2025-9072 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
Mattermost makes Use of Weak Hash Moderate
CVE-2025-9078 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
Mattermost Open Redirect vulnerability Low
CVE-2025-9084 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
Chaos Controller Manager is vulnerable to OS command injection Critical
CVE-2025-59360 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025
Chaos Controller Manager is vulnerable to OS command injection Critical
CVE-2025-59361 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025
Chaos Controller Manager is vulnerable to OS command injection Critical
CVE-2025-59359 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025
Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function High
CVE-2025-59358 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025
Mattermost Missing Authorization vulnerability Moderate
CVE-2025-9076 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled High
CVE-2025-54376 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation Critical
CVE-2025-54123 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover High
CVE-2025-58430 was published for github.com/knadh/listmonk (Go) Sep 9, 2025
r3verii
CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion High
CVE-2025-58063 was published for github.com/coredns/coredns (Go) Sep 9, 2025
thevilledev
pREST has a Systemic SQL Injection Vulnerability Critical
CVE-2025-58450 was published for github.com/prest/prest/v2 (Go) Sep 8, 2025
v1ktor0t
Atlantis Exposes Service Version Publicly on /status API Endpoint Low
CVE-2025-58445 was published for github.com/runatlantis/atlantis (Go) Sep 5, 2025
matthewmrichter
secrets-store-sync-controller discloses service account tokens in logs Moderate
CVE-2025-7445 was published for sigs.k8s.io/secrets-store-sync-controller (Go) Sep 5, 2025
Coder vulnerable to privilege escalation could lead to a cross workspace compromise High
CVE-2025-58437 was published for github.com/coder/coder/v2 (Go) Sep 5, 2025
johnstcn
podman kube play symlink traversal vulnerability High
CVE-2025-9566 was published for github.com/containers/podman/v4 (Go) Sep 4, 2025
Luap99
Argo CD's Project API Token Exposes Repository Credentials Critical
CVE-2025-55190 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 4, 2025
ntammineni5 34fathombelow
alexmt jannfis crenshaw-dev svghadi
Memos Vulnerable to Stored Cross-Site Scripting Moderate
CVE-2025-56761 was published for github.com/usememos/memos (Go) Sep 4, 2025
Memos Vulnerable to Path Traversal via the CreateResource Endpoint Moderate
CVE-2025-56760 was published for github.com/usememos/memos (Go) Sep 4, 2025
Soft Serve vulnerable to arbitrary file writing through SSH API High
CVE-2025-58355 was published for github.com/charmbracelet/soft-serve (Go) Sep 2, 2025
msanft caarlos0
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text High
CVE-2024-52284 was published for github.com/rancher/fleet (Go) Aug 29, 2025
github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks Moderate
CVE-2025-47909 was published for github.com/gorilla/csrf (Go) Aug 29, 2025
gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm High
CVE-2025-58157 was published for github.com/consensys/gnark (Go) Aug 29, 2025
Harness Allows Arbitrary File Write in Gitness LFS server High
CVE-2025-58158 was published for github.com/harness/gitness (Go) Aug 29, 2025
TheKavorka
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database