Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,227
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,502
Pub
12
RubyGems
995
Rust
1,187
Swift
51
Unreviewed advisories
All unreviewed
5,000+

59 advisories

Loading
Mattermost fails to check the "invite_guest" permission Moderate
CVE-2024-1888 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost allows attackers access to posts in channels they are not a member of Moderate
CVE-2024-1942 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
File Browser has an Authorization Policy Bypass in Public Share Download Flow Moderate
CVE-2026-32761 was published for https://github.com/filebrowser/filebrowser (Go) Mar 18, 2026
Ahmad-jarwan Credited to Ahmad-jarwan and hacdias hacdias hacdias
Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion Moderate
CVE-2026-29061 was published for github.com/forceu/gokapi (Go) Mar 5, 2026
Sijisu Credited to Sijisu, aisafe-bot, and Forceu aisafe-bot aisafe-bot
Forceu Forceu
Gokapi has Data Leak in Upload Status Stream Moderate
CVE-2026-28682 was published for github.com/forceu/gokapi (Go) Mar 5, 2026
Sijisu Credited to Sijisu, aisafe-bot, and Forceu aisafe-bot aisafe-bot
Forceu Forceu
Gokapi has privilege escalation with auth token Moderate
CVE-2026-29060 was published for github.com/forceu/gokapi (Go) Mar 5, 2026
Forceu Credited to Forceu
Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations Moderate
CVE-2026-22728 was published for github.com/bitnami-labs/sealed-secrets (Go) Feb 26, 2026
1seal Credited to 1seal
Gogs has an Authorization Bypass Allows Cross-Repository Label Modification in Gogs Moderate
CVE-2026-25229 was published for gogs.io/gogs (Go) Feb 17, 2026
spingARbor Credited to spingARbor
Mattermost Server has Improper Authorization for Integration Requests Moderate
CVE-2017-18916 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Gophish is vulnerable to Incorrect Access Control Moderate
CVE-2025-70963 was published for github.com/gophish/gophish (Go) Feb 6, 2026
Gogs has authorization bypass in repository deletion API Moderate
CVE-2025-65852 was published for gogs.io/gogs (Go) Feb 6, 2026
Yannis175 Credited to Yannis175
Gitea does not properly validate ownership when toggling OpenID URI visibility Moderate
CVE-2026-20904 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea does not properly validate repository ownership when linking attachments to releases Moderate
CVE-2026-20912 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea does not properly validate repository ownership when deleting Git LFS locks Moderate
CVE-2026-20897 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface Moderate
CVE-2026-20888 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea does not properly validate project ownership in organization project operations Moderate
CVE-2026-20750 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
memos vulnerability allows arbitrarily modification or deletion registered identity providers Moderate
CVE-2025-65797 was published for github.com/usememos/memos (Go) Dec 8, 2025
memos vulnerability allows arbitrarily modification or deletion of attachments Moderate
CVE-2025-65798 was published for github.com/usememos/memos (Go) Dec 8, 2025
memos vulnerability allows arbitrarily reactions deletion Moderate
CVE-2025-65796 was published for github.com/usememos/memos (Go) Dec 8, 2025
Mattermost Server allows users with a session ID to revoke another users' session Moderate
CVE-2017-18878 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic Moderate
CVE-2025-64715 was published for Ciliumgithub.com/cilium/cilium (Go) Dec 1, 2025
SeanEmac Credited to SeanEmac and fristonio fristonio fristonio
Silver has unrestricted traffic between Wireguard clients Moderate
CVE-2025-27093 was published for github.com/bishopfox/sliver (Go) Oct 28, 2025
catmandx Credited to catmandx
Mattermost allows remote actor to set arbitrary RemoteId values for synced users Moderate
CVE-2024-41926 was published for github.com/mattermost/mattermost (Go) Aug 1, 2024
Mattermost allows a remote actor to make an arbitrary local channel read-only Moderate
CVE-2024-41162 was published for github.com/mattermost/mattermost (Go) Aug 1, 2024
OpenFGA Authorization Bypass Moderate
CVE-2025-46331 was published for github.com/openfga/openfga (Go) Apr 30, 2025
avinashs433 Credited to avinashs433
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database