GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,055 advisories
Filter by severity
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations
Low
CVE-2024-51744
was published
for
github.com/golang-jwt/jwt/v4
(Go)
Nov 4, 2024
Safearchive Path Traversal vulnerability
Moderate
CVE-2024-10389
was published
for
github.com/google/safearchive
(Go)
Nov 4, 2024
Plenti arbitrary file deletion vulnerability
High
CVE-2024-49381
was published
for
github.com/plentico/plenti
(Go)
Oct 31, 2024
Plenti arbitrary file write vulnerability
High
CVE-2024-49380
was published
for
github.com/plentico/plenti
(Go)
Oct 31, 2024
Ollama Out-of-bounds Read
High
CVE-2024-39720
was published
for
github.com/ollama/ollama
(Go)
Oct 31, 2024
Gnark out-of-memory during deserialization with crafted inputs
Moderate
CVE-2024-50354
was published
for
github.com/consensys/gnark
(Go)
Oct 31, 2024
Hashicorp Vault vulnerable to denial of service through memory exhaustion
High
CVE-2024-8185
was published
for
github.com/hashicorp/vault
(Go)
Oct 31, 2024
Hashicorp Consul Cross-site Scripting vulnerability
Moderate
CVE-2024-10086
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Hashicorp Consul Path Traversal vulnerability
High
CVE-2024-10005
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Moderate
CVE-2024-10006
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
Moderate
CVE-2024-0133
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Oct 29, 2024
NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability
Critical
CVE-2024-0132
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Oct 29, 2024
Grafana org admin can delete pending invites in different org
Low
CVE-2024-10452
was published
for
github.com/grafana/grafana
(Go)
Oct 29, 2024
Kyverno's PolicyException objects can be created in any namespace by default
High
CVE-2024-48921
was published
for
github.com/kyverno/kyverno
(Go)
Oct 29, 2024
Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery
Moderate
CVE-2024-46872
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Mattermost server allows authenticated user to delete arbitrary post
Moderate
CVE-2024-50052
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Mattermost Server vulnerable to application crash from attacker-generated large response
Moderate
CVE-2024-47401
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Mattermost Server allows user to get private channel names
Moderate
CVE-2024-10241
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect')
Moderate
GHSA-wcx9-ccpj-hx3c
was published
for
github.com/coder/coder/v2
(Go)
Oct 28, 2024
Argo Workflows Controller: Denial of Service via malicious daemon Workflows
Moderate
CVE-2024-47827
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Oct 28, 2024
Mattermost incorrectly issues two sessions when using desktop SSO
Low
CVE-2024-10214
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 28, 2024
Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers
Critical
GHSA-rc7v-65v6-m2v3
was published
for
github.com/go-mysql-org/go-mysql
(Go)
Oct 28, 2024
•
withdrawn
github.com/crossplane/crossplane: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
Critical
GHSA-7h65-4p22-39j6
was published
for
github.com/crossplane/crossplane
(Go)
Oct 25, 2024
RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Critical
GHSA-x7xj-jvwp-97rv
was published
for
github.com/rancher/rke2
(Go)
Oct 25, 2024
Rancher Remote Code Execution via Cluster/Node Drivers
Critical
CVE-2024-22036
was published
for
github.com/rancher/rancher
(Go)
Oct 25, 2024
ProTip!
Advisories are also available from the
GraphQL API