GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,215 advisories

MinIO performs incomplete signature validation for unsigned-trailer uploads High
CVE-2025-31489 was published for github.com/minio/minio (Go) Apr 4, 2025
Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler Moderate
CVE-2023-27592 was published for miniflux.app/v2 (Go) Apr 2, 2025
fguillot 40826d
Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics High
CVE-2023-27591 was published for miniflux.app (Go) Apr 2, 2025
40826d fguillot
Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times Moderate
CVE-2025-31135 was published for github.com/phires/go-guerrilla (Go) Apr 1, 2025
Zenexer
Rancher: Restricted Administrator can change Administrator's passwords Critical
CVE-2025-23391 was published for github.com/rancher/rancher (Go) Apr 1, 2025
Apache Answer User Using External Images Potentially Discloses User Information Low
CVE-2025-29868 was published for github.com/apache/answer (Go) Apr 1, 2025
Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input Critical
CVE-2025-30223 was published for github.com/beego/beego (Go) Mar 31, 2025
thevilledev
go.rgst.io/stencil/v2 vulnerable to Path Traversal Moderate
GHSA-p799-q2pr-6mxj was published for go.rgst.io/stencil/v2 (Go) Mar 29, 2025
github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Moderate
GHSA-j95m-rcjp-q69h was published for github.com/jaredallard/archives (Go) Mar 28, 2025
ccojocar
Nethermind Juno Potential Denial of Service (DoS) via Integer Overflow High
CVE-2025-29072 was published for github.com/NethermindEth/juno (Go) Mar 27, 2025
ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation High
CVE-2025-1097 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
ingress-nginx controller - configuration injection via unsanitized mirror annotations High
CVE-2025-1098 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
ingress-nginx controller - auth secret file path traversal vulnerability Moderate
CVE-2025-24513 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
ingress-nginx controller - configuration injection via unsanitized auth-url annotation High
CVE-2025-24514 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
ingress-nginx admission controller RCE escalation Critical
CVE-2025-1974 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
Cilium node based network policies may incorrectly allow workload traffic Low
CVE-2025-30163 was published for github.com/cilium/cilium (Go) Mar 24, 2025
oblazek
Kyverno ignores subjectRegExp and IssuerRegExp Moderate
CVE-2025-29778 was published for github.com/kyverno/kyverno (Go) Mar 24, 2025
frgt10cs
Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers Low
CVE-2025-30162 was published for github.com/cilium/cilium (Go) Mar 24, 2025
pjablonski123
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type Low
GHSA-528q-4pgm-wvg2 was published for github.com/mccutchen/go-httpbin (Go) Mar 21, 2025
AyushXtha
jwt-go allows excessive memory allocation during header parsing High
CVE-2025-30204 was published for github.com/golang-jwt/jwt/v4 (Go) Mar 21, 2025
jub0bs Web-E
PipeCD Vulnerable to Privilege Escalation High
CVE-2024-53351 was published for github.com/pipe-cd/pipecd (Go) Mar 21, 2025
Envoy crashes when HTTP ext_proc processes local replies Moderate
CVE-2025-30157 was published for github.com/envoyproxy/envoy (Go) Mar 21, 2025
botengyao yanjunxiang-google
phlax
Mattermost fails to prompt for explicit approval before adding a team admin to a private channel Low
CVE-2025-27715 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 21, 2025
Mattermost allows members with permission to convert public channels to private and convert private to public Moderate
CVE-2025-27933 was published for github.com/mattermost/mattermost-server (Go) Mar 21, 2025