GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
69 advisories
Filter by severity
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation
Moderate
CVE-2024-47060
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
Exposure of debug and metrics endpoints in Pomerium
Moderate
CVE-2022-24797
was published
for
github.com/pomerium/pomerium
(Go)
Sep 6, 2024
gnark's Groth16 commitment extension unsound for more than one commitment
Moderate
CVE-2024-45039
was published
for
github.com/consensys/gnark
(Go)
Sep 6, 2024
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property
Moderate
CVE-2024-45040
was published
for
github.com/consensys/gnark
(Go)
Sep 6, 2024
The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD
Moderate
CVE-2024-43803
was published
for
github.com/metal3-io/baremetal-operator
(Go)
Sep 3, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Moderate
CVE-2024-45043
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
(Go)
Aug 29, 2024
Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API
Moderate
CVE-2024-42486
was published
for
github.com/cilium/cilium
(Go)
Aug 16, 2024
Navidrome uses MD5 hashing algorithm
Moderate
CVE-2024-41259
was published
for
github.com/navidrome/navidrome
(Go)
Aug 1, 2024
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification
Moderate
CVE-2024-41264
was published
for
github.com/casdoor/casdoor
(Go)
Aug 1, 2024
ZITADEL Vulnerable to Session Information Leakage
Moderate
CVE-2024-39683
was published
for
github.com/zitadel/zitadel
(Go)
Jul 5, 2024
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Moderate
CVE-2024-22032
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io
Moderate
CVE-2021-41092
was published
for
github.com/docker/cli
(Go)
Jun 10, 2024
MinIO information disclosure vulnerability
Moderate
CVE-2024-36107
was published
for
github.com/minio/minio
(Go)
May 29, 2024
Dapr API Token Exposure
Moderate
CVE-2024-35223
was published
for
github.com/dapr/dapr
(Go)
May 22, 2024
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Moderate
CVE-2022-39201
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana User enumeration via forget password
Moderate
CVE-2022-39307
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Moderate
CVE-2022-31130
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Zitadel exposing internal database user name and host information
Moderate
CVE-2024-32967
was published
for
github.com/zitadel/zitadel
(Go)
May 1, 2024
Navidrome Parameter Tampering vulnerability
Moderate
CVE-2024-32963
was published
for
github.com/navidrome/navidrome
(Go)
May 1, 2024
Mattermost's detailed error messages reveal the full file path
Moderate
CVE-2024-32046
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Information disclosure in podman
Moderate
CVE-2020-14370
was published
for
github.com/containers/podman/v2
(Go)
Apr 24, 2024
Minder GetRepositoryByName data leak
Moderate
CVE-2024-31455
was published
for
github.com/stacklok/minder
(Go)
Apr 9, 2024
Helm shows secrets in clear text
Moderate
CVE-2019-25210
was published
for
helm.sh/helm/v3
(Go)
Mar 3, 2024
Mattermost leaks details of AD/LDAP groups of a teams
Moderate
CVE-2024-23493
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
containerd environment variable leak
Moderate
CVE-2021-21334
was published
for
github.com/containerd/containerd
(Go)
Jan 31, 2024
ProTip!
Advisories are also available from the
GraphQL API