Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,603
Maven
5,000+
npm
4,250
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points Low
GHSA-phhq-63jg-fp7r was published for github.com/edgelesssys/contrast (Go) Jul 9, 2025
burgerdev katexochen
thomasten
Credited to burgerdev, katexochen, and thomasten
uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries Moderate
GHSA-pmc3-p9hx-jq96 was published for github.com/refraction-networking/utls (Go) Apr 23, 2025
Mattermost allows remote/synthetic users to create sessions, reset passwords Moderate
CVE-2024-39836 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Intermittent HTTP policy bypass High
CVE-2024-28248 was published for github.com/cilium/cilium (Go) Mar 18, 2024
sayboras
Credited to sayboras
Potential HTTP policy bypass when using header rules in Cilium Moderate
CVE-2023-30851 was published for github.com/cilium/cilium (Go) May 22, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database