GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,950 advisories

Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service High
CVE-2026-25791 was published for github.com/bishopfox/sliver (Go) Feb 6, 2026
Credited to xtle0o0
Antrea has invalid enforcement order for network policy rules caused by integer overflow High
CVE-2026-25804 was published for antrea.io/antrea (Go) Feb 6, 2026
Credited to antoninbas
Blocklist Bypass possible via ECDSA Signature Malleability High
CVE-2026-25793 was published for github.com/slackhq/nebula (Go) Feb 6, 2026
Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated) Moderate
CVE-2026-25760 was published for github.com/bishopfox/sliver (Go) Feb 5, 2026
Credited to xtle0o0
Mattermost Server does not restrict SAML certificate path for System Administrators Moderate
CVE-2017-18918 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server uses weak hashing for OAuth, email verification tokens and invitations High
CVE-2017-18917 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server has Improper Authorization for Integration Requests Moderate
CVE-2017-18916 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server server restarts may provide attackers with API access Critical
CVE-2017-18915 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server has X.509 Improper Certificate Validation Critical
CVE-2017-18911 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server vulnerable to XSS through channel headers Moderate
CVE-2017-18907 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic Low
GHSA-vhvq-fv9f-wh4q was published for github.com/authzed/spicedb (Go) Feb 6, 2026
Credited to 1seal
OpenCloud Reva has a Public Link Exploit High
CVE-2026-23989 was published for github.com/opencloud-eu/reva/v2 (Go) Feb 5, 2026
Credited to rhafer, aduffeck, dragotin, and micbar
Gophish is vulnerable to Incorrect Access Control Moderate
CVE-2025-70963 was published for github.com/gophish/gophish (Go) Feb 6, 2026
Argo Workflows Controller: Denial of Service via malicious daemon Workflows Moderate
CVE-2024-47827 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 28, 2024
Credited to meln5674 and agilgur5
Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows High
CVE-2022-29164 was published for github.com/argoproj/argo-workflows/v3 (Go) May 23, 2022
Credited to alexec
Mattermost Confluence plugin doesn't properly escape user-controlled display names in HTML template rendering High
CVE-2025-13523 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Feb 6, 2026
Gogs has authorization bypass in repository deletion API Moderate
CVE-2025-65852 was published for gogs.io/gogs (Go) Feb 6, 2026
Credited to Yannis175
Gogs vulnerable to Stored XSS via Mermaid diagrams High
GHSA-26gq-grmh-6xm6 was published for gogs.io/gogs (Go) Feb 6, 2026
Credited to jdomeracki
OpenFGA Improper Policy Enforcement Moderate
CVE-2026-24851 was published for github.com/openfga/openfga (Go) Feb 5, 2026
Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update High
CVE-2026-24135 was published for gogs.io/gogs (Go) Feb 6, 2026
Credited to reschjonas
Gogs has arbitrary file read/write via Path Traversal in Git hook editing Moderate
CVE-2026-23633 was published for gogs.io/gogs (Go) Feb 6, 2026
Credited to odgrso
Gogs user can update repository content with read-only permission Moderate
CVE-2026-23632 was published for gogs.io/gogs (Go) Feb 6, 2026
Credited to odgrso
Gogs has a Denial of Service issue Moderate
CVE-2026-22592 was published for gogs.io/gogs (Go) Feb 6, 2026
Credited to Neptunium931
Gogs Vulnerable to 2FA Bypass via Recovery Code High
CVE-2025-64175 was published for gogs.io/gogs (Go) Feb 6, 2026
Gogs's update .git/config file allows remote command execution Critical
CVE-2025-64111 was published for gogs.io/gogs (Go) Feb 6, 2026
Credited to ROPShell