Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,820
Erlang
36
GitHub Actions
32
Go
2,410
Maven
5,000+
npm
4,050
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,410 advisories

Loading
Hashicorp Vault has Incorrect Validation for Non-CA Certificates Moderate
CVE-2025-6037 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability Moderate
CVE-2025-6015 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
Hashicorp Vault has Privilege Escalation Vulnerability High
CVE-2025-5999 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users Low
CVE-2025-6011 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse Moderate
CVE-2025-6014 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
Hashicorp Vault has Lockout Feature Authentication Bypass Moderate
CVE-2025-6004 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration Critical
CVE-2025-6000 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
1Panel agent certificate verification bypass leading to arbitrary command execution High
CVE-2025-54424 was published for github.com/1Panel-dev/1Panel/core (Go) Aug 1, 2025
lizicoco
Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution High
CVE-2025-54386 was published for github.com/traefik/traefik/v2 (Go) Aug 1, 2025
odaysec
OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion Critical
CVE-2025-54576 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Jul 30, 2025
jennifer-recurity
OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0 Moderate
CVE-2021-21411 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Jul 30, 2025
bohrasd
Moby firewalld reload removes bridge network isolation Low
CVE-2025-54410 was published for github.com/docker/docker (Go) Jul 29, 2025
Moby firewalld reload makes published container ports accessible from remote hosts Moderate
CVE-2025-54388 was published for github.com/docker/docker (Go) Jul 29, 2025
Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs Moderate
CVE-2025-50738 was published for github.com/usememos/memos (Go) Jul 29, 2025
eKuiper API endpoints handling SQL queries with user-controlled table names. High
CVE-2025-54379 was published for github.com/lf-edge/ekuiper (Go) Jul 24, 2025
odaysec
Possible ORM Leak Vulnerability in the Harbor Moderate
CVE-2025-30086 was published for github.com/goharbor/harbor (Go) Jul 23, 2025
Harbor repository description page has Cross-site Scripting vulnerability Moderate
CVE-2025-32019 was published for github.com/goharbor/harbor (Go) Jul 23, 2025
Ollama vulnerable to Cross-Domain Token Exposure Moderate
CVE-2025-51471 was published for github.com/ollama/ollama (Go) Jul 22, 2025
Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources High
CVE-2025-53942 was published for goauthentik.io (Go) Jul 22, 2025
pascalwei
Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service High
CVE-2025-47281 was published for github.com/kyverno/kyverno (Go) Jul 22, 2025
thevilledev
melange's world-writable permissions expose SBOM files to potential image tampering Moderate
CVE-2025-54059 was published for chainguard.dev/melange (Go) Jul 18, 2025
markusboehme egibs
codyharris-h2o-ai stevebeattie eslerm
apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files High
CVE-2025-53945 was published for chainguard.dev/apko (Go) Jul 18, 2025
vishal-chdhry codyharris-h2o-ai
eslerm
golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability High
CVE-2025-22868 was published for golang.org/x/oauth2 (Go) Jul 18, 2025
Mattermost has Insufficiently Protected Credentials Low
CVE-2025-6227 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Mattermost Path Traversal vulnerability Moderate
CVE-2025-6233 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database