Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
47
GitHub Actions
48
Go
3,378
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,573
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
act: Unrestricted set-env and add-path command processing enables environment injection High
CVE-2026-34041 was published for github.com/nektos/act (Go) Mar 27, 2026
golang-not-rust Credited to golang-not-rust
Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass Moderate
CVE-2026-32695 was published for github.com/traefik/traefik/v2 (Go) Mar 27, 2026
b-hermes Credited to b-hermes
Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values Moderate
CVE-2026-29777 was published for github.com/traefik/traefik (Go) Mar 11, 2026
1seal Credited to 1seal
Caddy's vars_regexp double-expands user input, leaking env vars and files Moderate
CVE-2026-30852 was published for github.com/caddyserver/caddy/v2/modules/caddyhttp (Go) Mar 6, 2026
sammiee5311 Credited to sammiee5311
Character injection in Hubble CLI Moderate
CVE-2025-48056 was published for github.com/cilium/hubble (Go) May 21, 2025
devodev Credited to devodev and bipierce-cisco bipierce-cisco bipierce-cisco
Fleet has SAML authentication vulnerability due to improper SAML response validation Critical
CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) Mar 6, 2025
hakivvi Credited to hakivvi, lucasmrod, getvictor, rh-colbymorgan, and jeffssh lucasmrod lucasmrod
getvictor getvictor rh-colbymorgan rh-colbymorgan jeffssh jeffssh
Git LFS permits exfiltration of credentials via crafted HTTP URLs High
CVE-2024-53263 was published for github.com/git-lfs/git-lfs (Go) Jan 14, 2025
Ry0taK Credited to Ry0taK
Plenti arbitrary file deletion vulnerability High
CVE-2024-49381 was published for github.com/plentico/plenti (Go) Oct 31, 2024
Plenti arbitrary file write vulnerability High
CVE-2024-49380 was published for github.com/plentico/plenti (Go) Oct 31, 2024
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable High
CVE-2024-41121 was published for go.woodpecker-ci.org/woodpecker (Go) Jul 19, 2024
Woodpecker's custom environment variables allow to alter execution flow of plugins Moderate
CVE-2024-41122 was published for go.woodpecker-ci.org/woodpecker (Go) Jul 19, 2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution High
CVE-2024-41111 was published for github.com/bishopfox/sliver (Go) Jul 18, 2024
hyperreality Credited to hyperreality
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF High
CVE-2024-23828 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024
Elleuch-x1 Credited to Elleuch-x1 and 0xJacky 0xJacky 0xJacky
ewen-lbh/ffcss Late-Unicode normalization vulnerability Moderate
CVE-2023-52081 was published for github.com/ewen-lbh/ffcss (Go) Dec 28, 2023
Sim4n6 Credited to Sim4n6
Mattermost Injection vulnerability High
CVE-2023-6458 was published for github.com/mattermost/mattermost-server/v6 (Go) Dec 6, 2023
Mattermost Injection vulnerability Low
CVE-2023-35075 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Ingress nginx annotation injection causes arbitrary command execution High
CVE-2023-5043 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
Kiali content spoofing vulnerability Moderate
CVE-2022-3962 was published for github.com/kiali/kiali (Go) Sep 23, 2023
1Panel vulnerable to command injection when adding container repositories Moderate
CVE-2023-36457 was published for github.com/1Panel-dev/1Panel (Go) Jul 5, 2023
Abstrium Pydio Cells Resource Injection vulnerability Moderate
CVE-2023-2980 was published for github.com/pydio/cells/v4 (Go) May 30, 2023
Denial of service (DoS) when processing Git credentials Moderate
CVE-2022-43756 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection Critical
CVE-2021-43350 was published for github.com/apache/trafficcontrol (Go) May 24, 2022
b3log Wide unauthenticated file access High
CVE-2019-13915 was published for github.com/b3log/wide (Go) May 24, 2022
Rancher code injection via fluentd config commands High
CVE-2019-12303 was published for github.com/rancher/rancher (Go) May 24, 2022
Command injection in gh-ost Moderate
CVE-2022-21687 was published for github.com/github/gh-ost (Go) Feb 1, 2022
dwisiswant0 Credited to dwisiswant0
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database