GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,940 advisories
Filter by severity
Kubean vulnerable to cluster-level privilege escalation
Moderate
CVE-2024-41820
was published
for
github.com/kubean-io/kubean
(Go)
Aug 5, 2024
In regclient, pinned manifest digests may be ignored
Moderate
GHSA-qv35-3gw6-8q4j
was published
for
github.com/regclient/regclient
(Go)
Aug 5, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File
Moderate
CVE-2024-37286
was published
for
github.com/elastic/apm-server
(Go)
Aug 3, 2024
Podman vulnerable to memory-based denial of service
High
CVE-2024-3056
was published
for
github.com/containers/podman
(Go)
Aug 2, 2024
soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests
High
CVE-2024-41956
was published
for
github.com/charmbracelet/soft-serve
(Go)
Aug 2, 2024
Navidrome uses MD5 hashing algorithm
Moderate
CVE-2024-41259
was published
for
github.com/navidrome/navidrome
(Go)
Aug 1, 2024
NetBird uses a static initialization vector (IV)
High
CVE-2024-41260
was published
for
github.com/netbirdio/netbird
(Go)
Aug 1, 2024
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification
Moderate
CVE-2024-41264
was published
for
github.com/casdoor/casdoor
(Go)
Aug 1, 2024
cortex establishes TLS connections with `InsecureSkipVerify` set to `true`
High
CVE-2024-41265
was published
for
github.com/cortexproject/cortex
(Go)
Aug 1, 2024
Mattermost allows unsolicited invites to expose access to local channels
High
CVE-2024-39777
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Low
CVE-2024-41926
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
Moderate
CVE-2024-39832
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows a user on a remote to set their remote username prop to an arbitrary string
Moderate
CVE-2024-39839
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows a remote actor to make an arbitrary local channel read-only
Moderate
CVE-2024-41162
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows remote actor to create/update/delete posts in arbitrary channels
Moderate
CVE-2024-41144
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost did not properly restrict channel creation
Low
CVE-2024-39837
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost failed to disallow the modification of local users when syncing users in shared channels
High
CVE-2024-36492
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel
High
CVE-2024-39274
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost failed to properly validate synced reactions
Low
CVE-2024-29977
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Beego privilege escalation vulnerability
High
CVE-2024-40465
was published
for
github.com/beego/beego/v2
(Go)
Jul 31, 2024
Beego privilege escalation vulnerability
High
CVE-2024-40464
was published
for
github.com/beego/beego/v2
(Go)
Jul 31, 2024
Filestash configured to skip TLS certificate verification when using the FTPS protocol
High
CVE-2024-41255
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
Filestash skips TLS certificate verification process when sending out email verification codes
High
CVE-2024-41256
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
ZITADEL "ignoring unknown usernames" vulnerability
Moderate
CVE-2024-41952
was published
for
github.com/zitadel/zitadel
(Go)
Jul 31, 2024
ZITADEL has improper HTML sanitization in emails and Console UI
Moderate
CVE-2024-41953
was published
for
github.com/zitadel/zitadel
(Go)
Jul 31, 2024
ProTip!
Advisories are also available from the
GraphQL API