Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,759
NuGet
678
pip
3,445
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

15 advisories

Loading
Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges Moderate
CVE-2024-52529 was published for github.com/cilium/cilium (Go) Nov 25, 2024
Mattermost server allows authenticated user to delete arbitrary post Moderate
CVE-2024-50052 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 29, 2024
Pebble service manager's file pull API allows access by any user Moderate
CVE-2024-3250 was published for github.com/canonical/pebble (Go) Apr 5, 2024
hpidcock benhoyt
Mattermost leaks details of AD/LDAP groups of a teams Moderate
CVE-2024-23493 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost fails to check if user is a guest before performing actions on public playbooks Moderate
CVE-2023-4106 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
Nomad Search API Leaks Information About CSI Plugins Moderate
CVE-2023-3300 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
anonymous4ACL24
Nomad ACL Policies without Label are Applied to Unexpected Resources Moderate
CVE-2023-3072 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
anonymous4ACL24
Mattermost Server Missing Authorization vulnerability Moderate
CVE-2023-2783 was published for github.com/mattermost/mattermost-server/v6 (Go) Jun 16, 2023
Duplicate Advisory: Grafana Improper Access Control vulnerability Moderate
GHSA-wm7r-3qxj-5xgq was published for github.com/grafana/grafana (Go) Jun 6, 2023 withdrawn
Mattermost fails to properly authentication inviter's permissions to private channel Moderate
CVE-2023-1774 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint Moderate
CVE-2022-39340 was published for github.com/openfga/openfga (Go) Oct 25, 2022
Mattermost Server Sensitive Data Exposure Moderate
CVE-2020-14457 was published for github.com/mattermost/mattermost (Go) May 24, 2022
Missing Authorization in Harbor Moderate
CVE-2019-16097 was published for github.com/goharbor/harbor (Go) Feb 15, 2022
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Moderate
CVE-2021-38698 was published for github.com/hashicorp/consul (Go) Sep 8, 2021
Authenticated users can exploit an enumeration vulnerability in Harbor Moderate
CVE-2020-13794 was published for github.com/goharbor/harbor (Go) May 24, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database