Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

7 advisories

Loading
Answer contains Improper Access Control vulnerability Critical
CVE-2023-0744 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Access control bypass in beego Critical
CVE-2022-31259 was published for github.com/beego/beego (Go) May 22, 2022
Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos Critical
CVE-2023-4696 was published for github.com/usememos/memos (Go) Sep 1, 2023
Improper Access Control in Gitea Critical
CVE-2020-28991 was published for github.com/go-gitea/gitea (Go) Apr 24, 2024
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel Critical
CVE-2024-39274 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows unsolicited invites to expose access to local channels Critical
CVE-2024-39777 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
RBAC Roles for `etcd` created by Kamaji are not disjunct Critical
CVE-2024-42480 was published for github.com/clastix/kamaji (Go) Aug 12, 2024
SimonKienzler prometherion
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database