Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,261 advisories

Loading
Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks High
CVE-2023-32198 was published for github.com/rancher/stev (Go) Apr 25, 2025
Fleet doesn’t validate a server’s certificate when connecting through SSH Moderate
CVE-2025-23390 was published for github.com/rancher/fleet (Go) Apr 25, 2025
Rancher users who can create Projects can gain access to arbitrary projects High
CVE-2024-22031 was published for github.com/rancher/rancher (Go) Apr 25, 2025
CNCF K3s Kubernetes kubelet configuration exposes credentials Moderate
CVE-2025-46599 was published for github.com/k3s-io/k3s (Go) Apr 25, 2025
Mattermost Playbooks fails to validate the uniqueness and quantity of task actions Moderate
CVE-2025-35965 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type Moderate
CVE-2025-41395 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
Mattermost Playbooks fails to properly validate permissions Low
CVE-2025-41423 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries Moderate
GHSA-pmc3-p9hx-jq96 was published for github.com/refraction-networking/utls (Go) Apr 23, 2025
Wazuh server vulnerable to remote code execution Critical
CVE-2025-24016 was published for github.com/wazuh/wazuh (Go) Apr 22, 2025
DanielFi GGP1
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS Moderate
CVE-2025-32963 was published for github.com/minio/operator (Go) Apr 21, 2025
bburky pjuarezd
In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters Moderate
CVE-2025-32793 was published for github.com/cilium/cilium (Go) Apr 21, 2025
julianwiedmann
Traefik has a possible vulnerability with the path matchers High
CVE-2025-32431 was published for github.com/traefik/traefik (Go) Apr 21, 2025
GoBGP does not verify that the input length Moderate
CVE-2025-43973 was published for github.com/osrg/gobgp (Go) Apr 21, 2025
GoBGP crashes in the flowspec parser Moderate
CVE-2025-43972 was published for github.com/osrg/gobgp (Go) Apr 21, 2025
GoBGP panics due to a zero value for softwareVersionLen High
CVE-2025-43971 was published for github.com/osrg/gobgp (Go) Apr 21, 2025
GoBGP does not properly check the input length Moderate
CVE-2025-43970 was published for github.com/osrg/gobgp (Go) Apr 21, 2025
one-api Cross-site Scripting vulnerability Moderate
CVE-2025-3801 was published for github.com/songquanpeng/one-api (Go) Apr 19, 2025
Traefik affected by Go HTTP Request Smuggling Vulnerability Critical
GHSA-5423-jcjm-2gpv was published for github.com/traefik/traefik/v2 (Go) Apr 18, 2025
varunbondre
Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability High
CVE-2025-22868 was published for github.com/traefik/traefik/v2 (Go) Apr 18, 2025
adregbr
golang.org/x/net vulnerable to Cross-site Scripting Moderate
CVE-2025-22872 was published for golang.org/x/net (Go) Apr 16, 2025
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-2564 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Mattermost vulnerable to Observable Timing Discrepancy Moderate
CVE-2025-27936 was published for github.com/mattermost/mattermost-plugin-msteams (Go) Apr 16, 2025
Mattermost doesn't restrict domains LLM can request to contact upstream Low
CVE-2025-31363 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-27571 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
kbsteere
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-24839 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database