Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,244 advisories

Loading
Dragonfly incorrectly handles a task structure’s usedTrac field Moderate
CVE-2025-59348 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
Dragonfly's manager makes requests to external endpoints with disabled TLS authentication Moderate
CVE-2025-59347 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header Moderate
CVE-2025-59342 was published for github.com/esm-dev/esm.sh (Go) Sep 17, 2025
j3ssie
Credited to j3ssie
Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2025-8396 was published for go.temporal.io/server (Go) Sep 15, 2025
Mattermost makes Use of Weak Hash Moderate
CVE-2025-9078 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
Mattermost Missing Authorization vulnerability Moderate
CVE-2025-9076 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
secrets-store-sync-controller discloses service account tokens in logs Moderate
CVE-2025-7445 was published for sigs.k8s.io/secrets-store-sync-controller (Go) Sep 5, 2025
Memos Vulnerable to Path Traversal via the CreateResource Endpoint Moderate
CVE-2025-56760 was published for github.com/usememos/memos (Go) Sep 4, 2025
Memos Vulnerable to Stored Cross-Site Scripting Moderate
CVE-2025-56761 was published for github.com/usememos/memos (Go) Sep 4, 2025
github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks Moderate
CVE-2025-47909 was published for github.com/gorilla/csrf (Go) Aug 29, 2025
github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives Moderate
CVE-2025-58058 was published for github.com/ulikunitz/xz (Go) Aug 28, 2025
NeuVector process with sensitive arguments lead to leakage Moderate
CVE-2025-54467 was published for github.com/neuvector/neuvector (Go) Aug 28, 2025
NeuVector has an insecure password storage vulnerable to rainbow attack Moderate
CVE-2025-53884 was published for github.com/neuvector/neuvector (Go) Aug 28, 2025
Kubernetes Nodes can delete themselves by adding an OwnerReference Moderate
CVE-2025-5187 was published for k8s.io/kubernetes (Go) Aug 27, 2025
traQ Allows Insertion of Sensitive Information into Log File Moderate
CVE-2025-57813 was published for github.com/traPtitech/traQ (Go) Aug 26, 2025
ras0q
Credited to ras0q
Dpanel has an arbitrary file read vulnerability Moderate
CVE-2025-53363 was published for github.com/donknap/dpanel (Go) Aug 22, 2025
LTLTLXEY
Credited to LTLTLXEY
Mattermost Fails to Sanitize File Names Moderate
CVE-2025-6465 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost has Potential Server Crash due to Unvalidated Import Data Moderate
CVE-2025-8402 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data Moderate
GHSA-2464-8j7c-4cjm was published for github.com/go-viper/mapstructure/v2 (Go) Aug 21, 2025
cipherboy
Credited to cipherboy
Mattermost Fails to Sanitize Path Traversal Sequences Moderate
CVE-2025-8023 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Does Not Sanitize the Team Invite ID Moderate
CVE-2025-47870 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Validate File Paths Moderate
CVE-2025-36530 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Validate Remote Cluster Upload Sessions Moderate
CVE-2025-49222 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
CRI-O has Potential High Memory Consumption from File Read Moderate
CVE-2025-4437 was published for github.com/cri-o/cri-o (Go) Aug 20, 2025
Default Credentials in nginx-defender Configuration Files Moderate
CVE-2025-55740 was published for github.com/Anipaleja/nginx-defender (Go) Aug 19, 2025
Anipaleja
Credited to Anipaleja
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database