GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

167 advisories

In Soft Serve, an authenticated repo import can clone server-local private repositories High
CVE-2026-33353 was published for github.com/charmbracelet/soft-serve (Go) Mar 19, 2026
Credited to evnsh
Mattermost Microsoft Teams Plugin fails to properly mask sensitive configuration values High
CVE-2026-2476 was published for github.com/mattermost/mattermost-plugin-msteams (Go) Mar 16, 2026
SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service Critical
CVE-2026-32938 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 17, 2026
Credited to TCOTC, YuxinZhaozyx, and 88250
FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info High
CVE-2026-30933 was published for github.com/gtsteffaniak/filebrowser/backend (Go) Mar 9, 2026
Credited to mdcoxe
Mattermost race condition Low
CVE-2024-1949 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Unauthorized access to Argo Workflows Template High
CVE-2026-28229 was published for github.com/argoproj/argo-workflows/v3 (Go) Mar 11, 2026
Credited to Masamuneee
Ignition config accessible to unprivileged software on VMware Moderate
CVE-2022-1706 was published for github.com/coreos/ignition (Go) May 25, 2022
Credited to jonaz, bgilbert, and jess-lowe
SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage Critical
CVE-2026-30869 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 7, 2026
Credited to Zwique
Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users High
CVE-2026-27465 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026
Credited to prateek-0490
Caddy's vars_regexp double-expands user input, leaking env vars and files Moderate
CVE-2026-30852 was published for github.com/caddyserver/caddy/v2/modules/caddyhttp (Go) Mar 6, 2026
Credited to sammiee5311
Gokapi has Data Leak in Upload Status Stream Moderate
CVE-2026-28682 was published for github.com/forceu/gokapi (Go) Mar 5, 2026
Credited to Sijisu, aisafe-bot, and Forceu
OliveTin doesn't check view permission when returning dashboards Moderate
CVE-2026-30233 was published for github.com/OliveTin/OliveTin (Go) Mar 5, 2026
Credited to Zwique
Traefik has an Improper Certificate Handling issue Moderate
CVE-2020-9321 was published for github.com/traefik/traefik (Go) Sep 2, 2021
Credited to avivdolev
FileBrowser has Path Traversal in Public Share Links that Exposes Files Outside Shared Directory High
CVE-2026-28492 was published for github.com/filebrowser/filebrowser/v2 (Go) Mar 2, 2026
Credited to uug4na and hacdias
Rancher doesn't properly sanitize credentials in cluster template answers Critical
CVE-2021-36783 was published for github.com/rancher/rancher (Go) Mar 3, 2026
FileBrowser Quantum: Password Protection Not Enforced on Shared File Links High
CVE-2026-27611 was published for github.com/gtsteffaniak/filebrowser/backend (Go) Feb 25, 2026
Credited to ByteAfterlife
uTLS has a fingerprint vulnerability from missing padding extension for Chrome 120 Low
CVE-2026-26995 was published for github.com/refraction-networking/utls (Go) Feb 18, 2026
Mattermost fails to sanitize sensitive data in WebSocket messages Moderate
CVE-2025-13821 was published for github.com/mattermost/mattermost-server (Go) Feb 16, 2026
Pion DTLS's usage of random nonce generation with AES GCM ciphers risks leaking the authentication key Moderate
CVE-2026-26014 was published for github.com/pion/dtls (Go) Feb 11, 2026
Credited to theodorsm and JoTurk
Argo CD's Project API Token Exposes Repository Credentials Critical
CVE-2025-55190 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 4, 2025
Credited to ntammineni5, 34fathombelow, alexmt, todaywasawesome, jannfis, crenshaw-dev, and svghadi
Gophish is vulnerable to Incorrect Access Control Moderate
CVE-2025-70963 was published for github.com/gophish/gophish (Go) Feb 6, 2026
Docker Moby /proc/scsi Path Exposure Allows Host Data Loss (SCSI MICDROP) Moderate
CVE-2017-16539 was published for github.com/moby/moby (Go) May 17, 2022
Gitea improperly exposes issue and pull request titles Low
CVE-2026-20800 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Grafana world readable configuration files High
CVE-2020-12459 was published for github.com/grafana/grafana (Go) May 24, 2022
Mattermost Server exposes private team invite ID Moderate
CVE-2017-18901 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022