GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,835
Erlang
36
GitHub Actions
33
Go
2,452
Maven
5,000+
npm
4,077
NuGet
723
pip
3,868
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Character injection in Hubble CLI
Moderate
CVE-2025-48056
was published
for
github.com/cilium/hubble
(Go)
May 21, 2025
Fleet has SAML authentication vulnerability due to improper SAML response validation
Critical
CVE-2025-27509
was published
for
github.com/fleetdm/fleet/v4
(Go)
Mar 6, 2025
Git LFS permits exfiltration of credentials via crafted HTTP URLs
High
CVE-2024-53263
was published
for
github.com/git-lfs/git-lfs
(Go)
Jan 14, 2025
Plenti arbitrary file deletion vulnerability
High
CVE-2024-49381
was published
for
github.com/plentico/plenti
(Go)
Oct 31, 2024
Plenti arbitrary file write vulnerability
High
CVE-2024-49380
was published
for
github.com/plentico/plenti
(Go)
Oct 31, 2024
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
High
CVE-2024-41121
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
Woodpecker's custom environment variables allow to alter execution flow of plugins
Moderate
CVE-2024-41122
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution
High
CVE-2024-41111
was published
for
github.com/bishopfox/sliver
(Go)
Jul 18, 2024
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
High
CVE-2024-23828
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 29, 2024
ewen-lbh/ffcss Late-Unicode normalization vulnerability
Moderate
CVE-2023-52081
was published
for
github.com/ewen-lbh/ffcss
(Go)
Dec 28, 2023
Mattermost Injection vulnerability
High
CVE-2023-6458
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Dec 6, 2023
Mattermost Injection vulnerability
Low
CVE-2023-35075
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Ingress nginx annotation injection causes arbitrary command execution
High
CVE-2023-5043
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
Kiali content spoofing vulnerability
Moderate
CVE-2022-3962
was published
for
github.com/kiali/kiali
(Go)
Sep 23, 2023
1Panel vulnerable to command injection when adding container repositories
Moderate
CVE-2023-36457
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 5, 2023
Abstrium Pydio Cells Resource Injection vulnerability
Moderate
CVE-2023-2980
was published
for
github.com/pydio/cells/v4
(Go)
May 30, 2023
Denial of service (DoS) when processing Git credentials
Moderate
CVE-2022-43756
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection
Critical
CVE-2021-43350
was published
for
github.com/apache/trafficcontrol
(Go)
May 24, 2022
b3log Wide unauthenticated file access
High
CVE-2019-13915
was published
for
github.com/b3log/wide
(Go)
May 24, 2022
Rancher code injection via fluentd config commands
High
CVE-2019-12303
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
Command injection in gh-ost
Moderate
CVE-2022-21687
was published
for
github.com/github/gh-ost
(Go)
Feb 1, 2022
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker
High
CVE-2021-41232
was published
for
github.com/stevenweathers/thunderdome-planning-poker
(Go)
Nov 8, 2021
CRLF vulnerability in Fiber
Moderate
CVE-2020-15111
was published
for
github.com/gofiber/fiber
(Go)
Jun 29, 2021
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
Moderate
CVE-2021-21303
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
plugin.yaml file allows for duplicate entries in helm
Low
CVE-2020-15187
was published
for
helm.sh/helm
(Go)
May 24, 2021
ProTip!
Advisories are also available from the
GraphQL API