GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
893 advisories
Filter by severity
The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD
Moderate
CVE-2024-43803
was published
for
github.com/metal3-io/baremetal-operator
(Go)
Sep 3, 2024
Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill
Moderate
CVE-2024-8462
was published
for
github.com/windmill-labs/windmill
(Go)
Sep 5, 2024
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property
Moderate
CVE-2024-45040
was published
for
github.com/consensys/gnark
(Go)
Sep 6, 2024
gnark's Groth16 commitment extension unsound for more than one commitment
Moderate
CVE-2024-45039
was published
for
github.com/consensys/gnark
(Go)
Sep 6, 2024
Exposure of debug and metrics endpoints in Pomerium
Moderate
CVE-2022-24797
was published
for
github.com/pomerium/pomerium
(Go)
Sep 6, 2024
Gouniverse GoLang CMS vulnerable to Cross-site Scripting
Moderate
CVE-2024-8572
was published
for
github.com/gouniverse/cms
(Go)
Sep 8, 2024
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation
Moderate
CVE-2024-47060
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
Apache Answer: Avatar URL leaked user email addresses
Moderate
CVE-2024-40761
was published
for
github.com/apache/incubator-answer
(Go)
Sep 25, 2024
Grafana Alloy on Windows has Unquoted Search Path or Element vulnerability
Moderate
CVE-2024-8975
was published
for
github.com/grafana/alloy
(Go)
Sep 25, 2024
Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability
Moderate
CVE-2024-8996
was published
for
github.com/grafana/agent
(Go)
Sep 25, 2024
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
Moderate
CVE-2024-47003
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Sep 26, 2024
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Moderate
CVE-2024-45042
was published
for
github.com/ory/kratos
(Go)
Sep 26, 2024
Link Following in github.com/containers/common
Moderate
CVE-2024-9341
was published
for
github.com/containers/common
(Go)
Oct 1, 2024
Improper Input Validation in Buildah and Podman
Moderate
CVE-2024-9407
was published
for
github.com/containers/buildah
(Go)
Oct 1, 2024
Duplicate Advisory: Vulnerable juju hook tool abstract UNIX domain socket
Moderate
GHSA-fc27-7pf5-96v3
was published
for
github.com/juju/juju
(Go)
Oct 2, 2024
•
withdrawn
JUJU_CONTEXT_ID is a predictable authentication secret
Moderate
CVE-2024-7558
was published
for
github.com/juju/juju
(Go)
Oct 3, 2024
Vulnerable juju hook tool abstract UNIX domain socket
Moderate
CVE-2024-8037
was published
for
github.com/juju/juju
(Go)
Oct 3, 2024
Vulnerable juju introspection abstract UNIX domain socket
Moderate
CVE-2024-8038
was published
for
github.com/juju/juju
(Go)
Oct 3, 2024
ProTip!
Advisories are also available from the
GraphQL API