Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,315 advisories

Loading
Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server Moderate
CVE-2025-48938 was published for github.com/cli/go-gh/v2 (Go) May 30, 2025
andyfeller BagToad
babakks matt- shilpakum vcsjones
Mattermost fails to properly enforce access control restrictions for System Manager roles Low
CVE-2025-3611 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to properly invalidate personal access tokens upon user deactivation Moderate
CVE-2025-3230 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to clear Google OAuth credentials Moderate
CVE-2025-2571 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to properly enforce access controls for guest users Low
CVE-2025-1792 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Navidrome Transcoding Permission Bypass Vulnerability Report High
CVE-2025-48948 was published for github.com/navidrome/navidrome (Go) May 29, 2025
lujiefsi
Mattermost improperly allows team administrators to modify team invites Moderate
CVE-2025-3913 was published for github.com/mattermost/mattermost/server/v8 (Go) May 29, 2025
Navidrome allows SQL Injection via role parameter High
CVE-2025-48949 was published for github.com/navidrome/navidrome (Go) May 29, 2025
4rdr
Fabio allows HTTP clients to manipulate custom headers it adds Critical
CVE-2025-48865 was published for github.com/fabiolb/fabio (Go) May 29, 2025
47Cid
ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection High
CVE-2025-48936 was published for github.com/zitadel/zitadel (Go) May 28, 2025
amit-laish livio-a
eliobischof
Argo CD allows cross-site scripting on repositories page Critical
CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go) May 28, 2025
Ry0taK crenshaw-dev
Contrast workload secrets leak to logs on INFO level High
GHSA-h5f8-crrq-4pw8 was published for github.com/edgelesssys/contrast (Go) May 28, 2025
burgerdev katexochen
thomasten
Traefik allows path traversal using url encoding Low
CVE-2025-47952 was published for github.com/traefik/traefik (Go) May 28, 2025
antonjanrutten
ActiveMQ Artemis AMQ Broker Operator Starting Credentials Reuse Moderate
CVE-2025-4057 was published for github.com/arkmq-org/activemq-artemis-operator (Go) May 26, 2025
OpenFGA Authorization Bypass Moderate
CVE-2025-48371 was published for github.com/openfga/openfga (Go) May 23, 2025
zot logs secrets Moderate
CVE-2025-48374 was published for zotregistry.dev/zot (Go) May 22, 2025
lgtm-dude
Fiber panics when fiber.Ctx.BodyParser parses invalid range index High
CVE-2025-48075 was published for github.com/gofiber/fiber/v2 (Go) May 22, 2025
Batleram sixcolors
efectn ReneWerner87 gaby
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin High
CVE-2025-4123 was published for github.com/grafana/grafana (Go) May 22, 2025
Ackites KillWxapkg Zip Bomb Resource Exhaustion Low
CVE-2025-5031 was published for github.com/Ackites/KillWxapkg (Go) May 21, 2025
Insufficient input sanitization in ejson2env Moderate
CVE-2025-48069 was published for ejson2env (RubyGems) May 21, 2025
thepwagner alexhope61
rj-coleman Owen-Cummings
containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods. Moderate
CVE-2025-47291 was published for github.com/containerd/containerd/v2 (Go) May 21, 2025
rata rogowski-piotr
Character injection in Hubble CLI Moderate
CVE-2025-48056 was published for github.com/cilium/hubble (Go) May 21, 2025
devodev bipierce-cisco
containerd allows host filesystem access on pull High
CVE-2025-47290 was published for github.com/containerd/containerd/v2 (Go) May 21, 2025
tonistiigi
Gardener allows metadata injection for a project secret which can lead to privilege escalation Critical
CVE-2025-47284 was published for github.com/gardener/gardener (Go) May 19, 2025
rfranzke donistz
timuthy JordanJordanov
Gardener allows bypassing project secret validation which can lead to privilege escalation Critical
CVE-2025-47283 was published for github.com/gardener/gardener (Go) May 19, 2025
petersutter rfranzke
donistz timuthy JordanJordanov
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database