GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,150
Erlang
30
GitHub Actions
19
Go
1,952
Maven
5,000+
npm
3,684
NuGet
650
pip
3,305
Pub
11
RubyGems
879
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,952 advisories
Filter by severity
gotortc Cross-site Scripting vulnerability
Moderate
CVE-2024-29191
was published
for
github.com/AlexxIT/go2rtc
(Go)
Aug 5, 2024
gotortc vulnerable to Cross-Site Request Forgery
High
CVE-2024-29192
was published
for
github.com/AlexxIT/go2rtc
(Go)
Aug 5, 2024
gotortc Cross-site Scripting vulnerability
Moderate
CVE-2024-29193
was published
for
github.com/AlexxIT/go2rtc
(Go)
Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /api/resource
Moderate
CVE-2024-29030
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
Meshery SQL Injection vulnerability
High
CVE-2024-29031
was published
for
github.com/layer5io/meshery
(Go)
Aug 5, 2024
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
Moderate
CVE-2024-29028
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
Moderate
CVE-2024-29029
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
Owncast Cross-Site Request Forgery vulnerability
High
CVE-2024-29026
was published
for
github.com/owncast/owncast
(Go)
Aug 5, 2024
RobotsAndPencils go-saml authentication bypass vulnerability
High
CVE-2023-48703
was published
for
github.com/RobotsAndPencils/go-saml
(Go)
Aug 5, 2024
lorawan-stack Open Redirect vulnerability
Moderate
CVE-2023-26494
was published
for
go.thethings.network/lorawan-stack/v3
(Go)
Aug 5, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
Kubean vulnerable to cluster-level privilege escalation
Moderate
CVE-2024-41820
was published
for
github.com/kubean-io/kubean
(Go)
Aug 5, 2024
In regclient, pinned manifest digests may be ignored
Moderate
GHSA-qv35-3gw6-8q4j
was published
for
github.com/regclient/regclient
(Go)
Aug 5, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2024-37286
was published
for
github.com/elastic/apm-server
(Go)
Aug 3, 2024
Podman vulnerable to memory-based denial of service
High
CVE-2024-3056
was published
for
github.com/containers/podman
(Go)
Aug 2, 2024
soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests
High
CVE-2024-41956
was published
for
github.com/charmbracelet/soft-serve
(Go)
Aug 2, 2024
Navidrome uses MD5 hashing algorithm
Moderate
CVE-2024-41259
was published
for
github.com/navidrome/navidrome
(Go)
Aug 1, 2024
cortex establishes TLS connections with `InsecureSkipVerify` set to `true`
High
CVE-2024-41265
was published
for
github.com/cortexproject/cortex
(Go)
Aug 1, 2024
NetBird uses a static initialization vector (IV)
High
CVE-2024-41260
was published
for
github.com/netbirdio/netbird
(Go)
Aug 1, 2024
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification
Moderate
CVE-2024-41264
was published
for
github.com/casdoor/casdoor
(Go)
Aug 1, 2024
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
Moderate
CVE-2024-39832
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows a user on a remote to set their remote username prop to an arbitrary string
Moderate
CVE-2024-39839
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows a remote actor to make an arbitrary local channel read-only
Moderate
CVE-2024-41162
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows remote actor to create/update/delete posts in arbitrary channels
Moderate
CVE-2024-41144
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost did not properly restrict channel creation
Low
CVE-2024-39837
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
ProTip!
Advisories are also available from the
GraphQL API