GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
Critical
CVE-2026-42880
was published
for
github.com/argoproj/argo-cd/v3
(Go)
May 7, 2026
Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening
Critical
GHSA-9h64-2846-7x7f
was published
for
github.com/getaxonflow/axonflow
(Go)
May 6, 2026
Dgraph: Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars
Critical
CVE-2026-41492
was published
for
github.com/dgraph-io/dgraph
(Go)
Apr 24, 2026
Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints
Critical
CVE-2026-40173
was published
for
github.com/dgraph-io/dgraph
(Go)
Apr 16, 2026
Pyroscope Exposes Storage Secret
Critical
CVE-2025-41118
was published
for
github.com/grafana/pyroscope
(Go)
Apr 15, 2026
SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service
Critical
CVE-2026-32938
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 17, 2026
SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage
Critical
CVE-2026-30869
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 7, 2026
Rancher doesn't properly sanitize credentials in cluster template answers
Critical
CVE-2021-36783
was published
for
github.com/rancher/rancher
(Go)
Mar 3, 2026
Argo CD's Project API Token Exposes Repository Credentials
Critical
CVE-2025-55190
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Sep 4, 2025
Argo CD cluster secret might leak in cluster details page
Critical
CVE-2023-40029
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Sep 11, 2023
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Critical
GHSA-h24c-6p6p-m3vx
was published
for
github.com/bnb-chain/tss-lib
(Go)
Sep 1, 2023
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical
CVE-2022-39222
was published
for
github.com/dexidp/dex
(Go)
Oct 3, 2022
Improper access control allows admin privilege escalation in Argo CD
Critical
CVE-2022-24768
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
Argo CD will blindly trust JWT claims if anonymous access is enabled
Critical
CVE-2022-29165
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
Insecure Permissions in Gogs
Critical
CVE-2019-14544
was published
for
gogs.io/gogs
(Go)
May 18, 2021
ProTip!
Advisories are also available from the
GraphQL API