GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,260
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Exposure of SSH credentials in Rancher/Fleet
Low
GHSA-wm2r-rp98-8pmh
was published
for
github.com/rancher/rancher
(Go)
Apr 27, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF
Low
CVE-2022-41925
was published
for
tailscale.com/cmd
(Go)
Nov 21, 2022
Traefik may display authorization header in the debug logs
Low
CVE-2022-23469
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 8, 2022
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Low
CVE-2023-34242
was published
for
github.com/cilium/cilium
(Go)
Jun 16, 2023
etcd Key name can be accessed via LeaseTimeToLive API
Low
CVE-2023-32082
was published
for
github.com/etcd-io/etcd
(Go)
May 12, 2023
Caddy allows enumeration of Certificates and Hostnames
Low
CVE-2018-19148
was published
for
github.com/caddyserver/caddy
(Go)
May 14, 2022
Grafana Forward OAuth Identity Token can allow users to access some data sources
Low
CVE-2022-21673
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Container build can leak any path on the host into the container
Low
GHSA-vp35-85q5-9f25
was published
for
github.com/docker/docker
(Go)
Nov 11, 2022
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Low
GHSA-xr7q-jx4m-x55m
was published
for
google.golang.org/grpc
(Go)
Jul 5, 2024
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
Low
GHSA-wpr2-j6gr-pjw9
was published
for
github.com/opentofu/opentofu
(Go)
Oct 3, 2024
Atlantis Exposes Service Version Publicly on /status API Endpoint
Low
CVE-2025-58445
was published
for
github.com/runatlantis/atlantis
(Go)
Sep 5, 2025
Gitea improperly exposes issue and pull request titles
Low
CVE-2026-20800
was published
for
github.com/go-gitea/gitea
(Go)
Jan 23, 2026
uTLS has a fingerprint vulnerability from missing padding extension for Chrome 120
Low
CVE-2026-26995
was published
for
github.com/refraction-networking/utls
(Go)
Feb 18, 2026
Mattermost race condition
Low
CVE-2024-1949
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost incorrectly allows access individual posts
Low
CVE-2024-1952
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Low
GHSA-j5vm-7qcc-2wwg
was published
for
github.com/kopia/kopia
(Go)
Apr 10, 2024
Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback
Low
CVE-2026-34969
was published
for
github.com/nhost/nhost
(Go)
Apr 1, 2026
OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure
Low
CVE-2026-45683
was published
for
go.opentelemetry.io/obi
(Go)
May 18, 2026
Dragonfly Manager OAuth provider client_secret disclosure via unauthenticated GET /api/v1/oauth
Low
CVE-2026-49254
was published
for
d7y.io/dragonfly/v2
(Go)
Jul 2, 2026
ProTip!
Advisories are also available from the
GraphQL API