Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,730
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

839 advisories

Loading
quic-go Has Panic in Path Probe Loss Recovery Handling High
CVE-2025-29785 was published for github.com/quic-go/quic-go (Go) Jun 3, 2025
Navidrome Transcoding Permission Bypass Vulnerability Report High
CVE-2025-48948 was published for github.com/navidrome/navidrome (Go) May 29, 2025
lujiefsi
Navidrome allows SQL Injection via role parameter High
CVE-2025-48949 was published for github.com/navidrome/navidrome (Go) May 29, 2025
4rdr
ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection High
CVE-2025-48936 was published for github.com/zitadel/zitadel (Go) May 28, 2025
amit-laish livio-a
eliobischof
OpenShift GitOps Operator Namespace Isolation Break High
CVE-2024-13484 was published for github.com/redhat-developer/gitops-operator (Go) Jan 28, 2025
svghadi
Fiber panics when fiber.Ctx.BodyParser parses invalid range index High
CVE-2025-48075 was published for github.com/gofiber/fiber/v2 (Go) May 22, 2025
Batleram sixcolors
efectn ReneWerner87 gaby
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin High
CVE-2025-4123 was published for github.com/grafana/grafana (Go) May 22, 2025
containerd allows host filesystem access on pull High
CVE-2025-47290 was published for github.com/containerd/containerd/v2 (Go) May 21, 2025
tonistiigi
Contrast workload secrets leak to logs on INFO level High
GHSA-h5f8-crrq-4pw8 was published for github.com/edgelesssys/contrast (Go) May 28, 2025
burgerdev katexochen
thomasten
Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API High
CVE-2025-23388 was published for github.com/rancher/rancher (Go) Feb 27, 2025
AnonySE26
Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login High
CVE-2025-23389 was published for github.com/rancher/rancher (Go) Feb 27, 2025
AnonySE26
GitLab auth uses full name instead of username as user ID, allowing impersonation High
CVE-2020-5415 was published for github.com/concourse/concourse (Go) Dec 20, 2021
gdetrez
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers High
CVE-2024-23656 was published for github.com/dexidp/dex (Go) Jan 26, 2024
tuminoid
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' High
CVE-2023-32194 was published for github.com/rancher/rancher (Go) Feb 8, 2024
AnonySE26
Rancher users who can create Projects can gain access to arbitrary projects High
CVE-2024-22031 was published for github.com/rancher/rancher (Go) Apr 25, 2025
AnonySE26
Ollama Server Vulnerable to Denial of Service (DoS) Attack High
CVE-2025-1975 was published for github.com/ollama/ollama (Go) May 16, 2025
Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt High
GHSA-869w-47c6-fq8q was published for github.com/babylonlabs-io/babylon (Go) May 15, 2025
Babylon Finality Provider `MsgCommitPubRandList` replay attack High
GHSA-7mm3-vfg8-7rg6 was published for github.com/babylonlabs-io/babylon (Go) May 15, 2025
golang.org/x/text/language Denial of service via crafted Accept-Language header High
CVE-2022-32149 was published for golang.org/x/text (Go) Oct 14, 2022
rbeuque74
Ollama Divide by Zero Vulnerability High
CVE-2024-8063 was published for github.com/ollama/ollama (Go) Mar 20, 2025
Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter High
CVE-2025-30153 was published for github.com/getkin/kin-openapi (Go) Mar 19, 2025
blotus dwertent
Yggdrasil Vulnerable to Local Privilege Escalation High
CVE-2025-3931 was published for github.com/redhatinsights/yggdrasil (Go) May 14, 2025
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation High
CVE-2023-3893 was published for github.com/kubernetes-csi/csi-proxy (Go) Nov 3, 2023
Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability High
CVE-2024-9355 was published for github.com/golang-fips/openssl (Go) Oct 1, 2024
qmuntal
Cosmos EVM Allows Partial Precompile State Writes High
GHSA-mjfq-3qr2-6g84 was published for github.com/cosmos/evm (Go) May 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database