
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,083 advisories

Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization Moderate
CVE-2025-53512 was published for github.com/juju/juju (Go) Jul 9, 2025
wallyworld hpidcock
juju/utils leaks private key in certs Moderate
CVE-2025-6224 was published for github.com/juju/utils/v4/cert (Go) Jul 1, 2025
mcsaucy hpidcock nikosgalanis
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-46702 was published for github.com/mattermost/mattermost-server (Go) Jun 30, 2025
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-47871 was published for github.com/mattermost/mattermost-server (Go) Jun 30, 2025
File Browser vulnerable to insecure password handling Moderate
CVE-2025-52997 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
File Browser allows sensitive data to be transferred in URL Moderate
CVE-2025-52901 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data Moderate
GHSA-fv92-fjc5-jj9h was published for github.com/go-viper/mapstructure/v2 (Go) Jun 27, 2025
cipherboy
filebrowser Sets Insecure File Permissions Moderate
CVE-2025-52900 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig hacdias
OpenBao allows cancellation of root rekey and recovery rekey operations without authentication Moderate
CVE-2025-52894 was published for github.com/openbao/openbao/api/v2 (Go) Jun 26, 2025
cipherboy
OpenBao Inserts Sensitive Information into Log File when processing malformed data Moderate
CVE-2025-52893 was published for github.com/openbao/openbao/sdk/v2/framework (Go) Jun 26, 2025
cipherboy
Gogs XSS allowed by stored call in PDF renderer Moderate
CVE-2025-47943 was published for github.com/gogs/gogs (Go) Jun 26, 2025
edoardottt
chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes Moderate
GHSA-vrw8-fxc6-2r93 was published for github.com/go-chi/chi/v5 (Go) Jun 20, 2025
anuraagbaishya
Mattermost allows unauthorized channel member management through playbook runs Moderate
CVE-2025-3227 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025
Mattermost allows an unauthorized Guest user access to Playbook Moderate
CVE-2025-3228 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025
Velociraptor vulnerable to privilege escalation via UpdateConfig artifact Moderate
CVE-2025-6264 was published for www.velocidex.com/golang/velociraptor (Go) Jun 20, 2025
OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal Moderate
CVE-2025-5981 was published for github.com/google/osv-scalibr (Go) Jun 18, 2025
Malayke
New authd users logging in via SSH are members of the root group Moderate
CVE-2025-5689 was published for github.com/ubuntu/authd (Go) Jun 16, 2025
uptrace pgdriver SQL injection vulnerability Moderate
CVE-2024-44906 was published for github.com/uptrace/bun/driver/pgdriver (Go) Jun 12, 2025
maxfierke
go-pg SQL injection vulnerability via the component /types/append_value.go Moderate
CVE-2024-44905 was published for github.com/go-pg/pg (Go) Jun 12, 2025
Mattermost allows authenticated administrator to execute LDAP search filter injection Moderate
CVE-2025-4573 was published for github.com/mattermost/mattermost-server (Go) Jun 11, 2025
Authorino Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-25208 was published for github.com/kuadrant/authorino (Go) Jun 9, 2025
Authorino Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-25207 was published for github.com/kuadrant/authorino (Go) Jun 9, 2025
kro Confused Deputy vulnerability Moderate
CVE-2025-48710 was published for github.com/kro-run/kro (Go) Jun 4, 2025
Gokapi vulnerable to stored XSS via uploading file with malicious file name Moderate
CVE-2025-48494 was published for github.com/forceu/gokapi (Go) Jun 3, 2025
4rdr Forceu
Gokapi has stored XSS vulnerability in friendly name for API keys Moderate
CVE-2025-48495 was published for github.com/forceu/gokapi (Go) Jun 3, 2025
Forceu