GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28 advisories

Step CA Has Authorization Bypass in ACME and SCEP Provisioners Critical
CVE-2025-44005 was published for github.com/smallstep/certificates (Go) Dec 3, 2025
Mattermost fails to validate user permissions in Boards Low
CVE-2025-13870 was published for github.com/mattermost/mattermost (Go) Dec 2, 2025
Mattermost does not enforce MFA on WebSocket connections Moderate
CVE-2025-55070 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL Moderate
CVE-2025-55073 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
Dragonfly doesn't have authentication enabled for some Manager’s endpoints High
CVE-2025-59345 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
Credited to gaius-qi
Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function High
CVE-2025-59358 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025
Mattermost Does Not Sanitize the Team Invite ID Moderate
CVE-2025-47870 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Confluence Plugin is Missing Authentication for Critical Function Moderate
CVE-2025-54478 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Mattermost Confluence Plugin is Missing Authentication for Critical Function High
CVE-2025-44004 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Mattermost Missing Authentication for Critical Function Moderate
CVE-2025-6226 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
OpenBao allows cancellation of root rekey and recovery rekey operations without authentication Moderate
CVE-2025-52894 was published for github.com/openbao/openbao (Go) Jun 26, 2025
Credited to cipherboy
Mattermost Missing Authentication for Critical Function Low
CVE-2025-27538 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Mattermost Fails to Enforce MFA on Plugin Endpoints High
CVE-2025-25068 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 21, 2025
Chisel's AUTH environment variable not respected in server entrypoint High
CVE-2024-43798 was published for github.com/jpillora/chisel (Go) Aug 27, 2024
Credited to lleyton, korewaChino, and jpillora
Navidrome uses MD5 hashing algorithm Moderate
CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) Aug 1, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
Credited to moshikoHassan
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records Moderate
CVE-2020-15136 was published for go.etcd.io/etcd (Go) Jan 31, 2024
Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy Moderate
CVE-2023-41333 was published for github.com/cilium/cilium (Go) Sep 27, 2023
Credited to odinuge
sing-box vulnerable to improper authentication in the SOCKS inbound Critical
CVE-2023-43644 was published for github.com/sagernet/sing (Go) Sep 26, 2023
Answer Missing Authentication for Critical Function High
CVE-2023-4815 was published for github.com/answerdev/answer (Go) Sep 7, 2023
CasaOS Gateway vulnerable to incorrect identification of source IP addresses Critical
CVE-2023-37265 was published for github.com/IceWhaleTech/CasaOS-Gateway (Go) Jul 17, 2023
Credited to thomas-chauchefoin-sonarsource
KubeView vulnerable to full cluster takeover due to improper authentication Critical
CVE-2022-45933 was published for github.com/benc-uk/kubeview (Go) Nov 27, 2022
Dapr Dashboard vulnerable to Incorrect Access Control High
CVE-2022-38817 was published for github.com/dapr/dashboard (Go) Oct 4, 2022
Missing Role Based Access Control for the REST handlers in bleve/http package Moderate
CVE-2022-31022 was published for github.com/blevesearch/bleve (Go) Jun 3, 2022
Credited to Proximyst