GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,526 advisories

Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning (Critical)
    CVE-2025-59823, github.com/gardener/gardener-extension-provider-aws (Go), published Sep 25, 2025
    Credits: petersutter, kon-angelo, hebelsan, JordanJordanov, donistz

Omni Wireguard SideroLink potential escape (Low)
    CVE-2025-59824, github.com/siderolabs/omni (Go), published Sep 24, 2025
    Credits: smira, Unix4ever

Mattermost Path Traversal vulnerability (High)
    CVE-2025-9079, github.com/mattermost/mattermost-server (Go), published Sep 19, 2025

Mattermost boards plugin fails to restrict download access to files (Low)
    CVE-2025-9081, github.com/mattermost/mattermost-plugin-boards (Go), published Sep 19, 2025

Grafana-Zabbix ReDoS vulnerability (Moderate)
    CVE-2025-10630, github.com/alexanderzobnin/grafana-zabbix (Go), published Sep 19, 2025

DragonFly's tiny file download uses hard coded HTTP protocol (Moderate)
    CVE-2025-59410, d7y.io/dragonfly/v2 (Go), published Sep 17, 2025
    Credits: gaius-qi

DragonFly has weak integrity checks for downloaded files (Moderate)
    CVE-2025-59354, d7y.io/dragonfly/v2 (Go), published Sep 17, 2025
    Credits: gaius-qi

DragonFly's manager generates mTLS certificates for arbitrary IP addresses (High)
    CVE-2025-59353, d7y.io/dragonfly/v2 (Go), published Sep 17, 2025
    Credits: gaius-qi

DragonFly vulnerable to arbitrary file read and write on a peer machine (Moderate)
    CVE-2025-59352, d7y.io/dragonfly/v2 (Go), published Sep 17, 2025
    Credits: gaius-qi

DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error (Moderate)
    CVE-2025-59351, d7y.io/dragonfly/v2 (Go), published Sep 17, 2025
    Credits: gaius-qi

Dragonfly vulnerable to timing attacks against Proxy's basic authentication (Moderate)
    CVE-2025-59350, d7y.io/dragonfly/v2 (Go), published Sep 17, 2025
    Credits: gaius-qi

Dragonfly's directories created via os.MkdirAll are not checked for permissions (Low)
    CVE-2025-59349, d7y.io/dragonfly/v2 (Go), published Sep 17, 2025
    Credits: gaius-qi

Dragonfly incorrectly handles a task structure's usedTrac field (Moderate)
    CVE-2025-59348, d7y.io/dragonfly/v2 (Go), published Sep 17, 2025
    Credits: gaius-qi

Dragonfly's manager makes requests to external endpoints with disabled TLS authentication (Moderate)
    CVE-2025-59347, d7y.io/dragonfly/v2 (Go), published Sep 17, 2025
    Credits: gaius-qi

Dragonfly vulnerable to server-side request forgery (High)
    CVE-2025-59346, d7y.io/dragonfly/v2 (Go), published Sep 17, 2025
    Credits: gaius-qi

Dragonfly doesn't have authentication enabled for some Manager's endpoints (High)
    CVE-2025-59345, d7y.io/dragonfly/v2 (Go), published Sep 17, 2025
    Credits: gaius-qi

esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header (Moderate)
    CVE-2025-59342, github.com/esm-dev/esm.sh (Go), published Sep 17, 2025
    Credits: j3ssie

esm.sh has File Inclusion issue (High)
    CVE-2025-59341, github.com/esm-dev/esm.sh (Go), published Sep 17, 2025
    Credits: j3ssie

kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace (Low)
    GHSA-q6hv-wcjr-wp8h (no CVE assigned), github.com/kcp-dev/kcp (Go), published Sep 26, 2025
    Credits: SimonTheLeg, embik

Rancher update on users can deny the service to the admin (High)
    CVE-2024-58260, github.com/rancher/rancher (Go), published Sep 26, 2025

Rancher CLI SAML authentication is vulnerable to phishing attacks (High)
    CVE-2024-58267, github.com/rancher/rancher (Go), published Sep 26, 2025

Rancher sends sensitive information to external services through the `/meta/proxy` endpoint (Moderate)
    CVE-2025-54468, github.com/rancher/rancher (Go), published Sep 26, 2025

WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled (High)
    CVE-2025-54376, github.com/SpectoLabs/hoverfly (Go), published Sep 10, 2025
    Credits: Kr1shna4garwal

Mattermost Confluence Plugin has Missing Authorization vulnerability (Moderate)
    CVE-2025-8285, github.com/mattermost/mattermost-plugin-confluence (Go), published Aug 11, 2025

Mattermost Confluence Plugin is Missing Authentication for Critical Function (Moderate)
    CVE-2025-54478, github.com/mattermost/mattermost-plugin-confluence (Go), published Aug 11, 2025
Advisories are also available from the GitHub GraphQL API.