Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,585
Maven
5,000+
npm
5,000+
NuGet
923
pip
4,817
Pub
13
RubyGems
1,043
Rust
1,251
Swift
53
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
Juju has unauthorized access to out-of-scope Kubernetes secrets High
CVE-2026-32693 was published for github.com/juju/juju (Go) Mar 19, 2026
dimaqq Credited to dimaqq, hpidcock, and wallyworld hpidcock hpidcock
wallyworld wallyworld
Juju has unauthorized update of out-of-scope Vault secrets High
CVE-2026-32692 was published for github.com/juju/juju (Go) Mar 19, 2026
hpidcock Credited to hpidcock
Juju allows arbitrary executable uploads via authenticated endpoint without authorization High
CVE-2025-0928 was published for github.com/juju/juju (Go) Jul 9, 2025
tlm Credited to tlm, wallyworld, hpidcock, Fedqys, and setharnold wallyworld wallyworld
hpidcock hpidcock Fedqys Fedqys setharnold setharnold
Juju zip slip vulnerability via authenticated endpoint High
CVE-2025-53513 was published for github.com/juju/juju (Go) Jul 9, 2025
wallyworld Credited to wallyworld and hpidcock hpidcock hpidcock
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm High
GHSA-6vjm-54vp-mxhx was published for github.com/juju/juju (Go) Aug 5, 2024
phvalguima Credited to phvalguima, manadart, SimonRichardson, hpidcock, lucistanescu, and eslerm manadart manadart
SimonRichardson SimonRichardson hpidcock hpidcock lucistanescu lucistanescu eslerm eslerm
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database