GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
26 advisories
Filter by severity
File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path
High
CVE-2026-54096
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 12, 2026
OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning
Moderate
CVE-2026-48096
was published
for
github.com/openfga/openfga
(Go)
Jun 11, 2026
Ironic Standalone Operator's prometheus metrics exporter bound to all interfaces
Moderate
GHSA-7cwm-fpfh-rrch
was published
for
github.com/metal3-io/ironic-standalone-operator
(Go)
May 29, 2026
Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Moderate
CVE-2026-46430
was published
for
github.com/xyproto/algernon
(Go)
May 20, 2026
External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore
Moderate
CVE-2026-42875
was published
for
github.com/external-secrets/external-secrets
(Go)
May 5, 2026
OpenShift GitOps Operator Namespace Isolation Break
High
CVE-2024-13484
was published
for
github.com/redhat-developer/gitops-operator
(Go)
Jan 28, 2025
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
wolfictl leaks GitHub tokens to remote non-GitHub git servers
Moderate
CVE-2024-35183
was published
for
github.com/wolfi-dev/wolfictl
(Go)
May 15, 2024
IPv6 enabled on IPv4-only network interfaces
Moderate
CVE-2024-32473
was published
for
github.com/docker/docker
(Go)
Apr 18, 2024
containerd environment variable leak
Moderate
CVE-2021-21334
was published
for
github.com/containerd/containerd
(Go)
Jan 31, 2024
runc vulnerable to container breakout through process.cwd trickery and leaked fds
High
CVE-2024-21626
was published
for
github.com/opencontainers/runc
(Go)
Jan 31, 2024
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation
High
CVE-2023-28433
was published
for
github.com/minio/minio
(Go)
Sep 6, 2023
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Low
CVE-2023-3299
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Mattermost vulnerable to information disclosure
Moderate
CVE-2023-1775
was published
for
github.com/mattermost/mattermost-server
(Go)
Mar 31, 2023
Mattermost vulnerable to information disclosure
Moderate
CVE-2023-1777
was published
for
github.com/mattermost/mattermost-server
(Go)
Mar 31, 2023
robbert229/jwt's token validation methods vulnerable to a timing side-channel during HMAC comparison
High
CVE-2015-10004
was published
for
github.com/robbert229/jwt
(Go)
Dec 28, 2022
HashiCorp Nomad vulnerable to non-sensitive metadata exposure
Moderate
CVE-2022-3866
was published
for
github.com/hashicorp/nomad
(Go)
Nov 10, 2022
Ethermint vulnerable to DoS through unintended Contract Selfdestruct
High
CVE-2022-35936
was published
for
github.com/Kava-Labs/kava
(Go)
Aug 18, 2022
Cronos vulnerable to DoS through unintended Contract Selfdestruct
High
GHSA-gwj5-wp6r-5q9f
was published
for
github.com/crypto-org-chain/cronos
(Go)
Aug 11, 2022
Rancher Privilege Escalation Vulnerability
High
CVE-2019-12274
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
Improper Control of a Resource Through its Lifetime in Mattermost
Moderate
CVE-2022-1385
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Apr 20, 2022
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
High
CVE-2020-25039
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Elvish vulnerable to remote code execution via the web UI backend
High
CVE-2021-41088
was published
for
github.com/elves/elvish
(Go)
Sep 23, 2021
Archive package allows chmod of file outside of unpack target directory
Moderate
CVE-2021-32760
was published
for
github.com/containerd/containerd
(Go)
Jul 26, 2021
Access Control Bypass
Moderate
CVE-2018-20321
was published
for
github.com/rancher/rancher
(Go)
Jun 23, 2021
ProTip!
Advisories are also available from the
GraphQL API