GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,234 advisories
Advisory | Severity | CVE | Package (ecosystem) | Published
Mattermost Server allows attackers to create buttons that can launch API requests | Moderate | CVE-2017-18890 | github.com/mattermost/mattermost-server (Go) | May 24, 2022
Mattermost Server is vulnerable to webhook and slash command manipulation | Moderate | CVE-2017-18889 | github.com/mattermost/mattermost-server (Go) | May 24, 2022
Mattermost Server exposes team creator's e-mail address to other members | Moderate | CVE-2017-18887 | github.com/mattermost/mattermost-server (Go) | May 24, 2022
Mattermost Server has low entropy for authorization data as an OAuth 2.0 Service Provider | Moderate | CVE-2017-18883 | github.com/mattermost/mattermost-server (Go) | May 24, 2022
Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte | Moderate | CVE-2025-66220 | github.com/envoyproxy/envoy (Go) | Dec 5, 2025
Envoy crashes when JWT authentication is configured with remote JWKS fetching | Moderate | CVE-2025-64527 | github.com/envoyproxy/envoy (Go) | Dec 5, 2025
Mattermost Server is vulnerable to XSS through author_link field in Slack attachments | Moderate | CVE-2017-18879 | github.com/mattermost/mattermost-server (Go) | May 24, 2022
Mattermost Server allows users with a session ID to revoke another user's session | Moderate | CVE-2017-18878 | github.com/mattermost/mattermost-server (Go) | May 24, 2022
Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page | Moderate | CVE-2017-18877 | github.com/mattermost/mattermost-server (Go) | May 24, 2022
Mattermost Server is vulnerable to Path Traversal when files are stored locally | Moderate | CVE-2017-18876 | github.com/mattermost/mattermost-server (Go) | May 24, 2022
Mattermost Server does not prevent System Admin from arbitrary file creation | Moderate | CVE-2017-18875 | github.com/mattermost/mattermost-server (Go) | May 24, 2022
step-ca Has Improper Authorization Check for SSH Certificate Revocation | Moderate | CVE-2025-66406 | github.com/smallstep/certificates (Go) | Dec 3, 2025
operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd | Moderate | CVE-2025-7195 | github.com/operator-framework/operator-sdk (Go) | Aug 7, 2025
Mattermost Server exposes team invite IDs through API endpoints | Moderate | CVE-2017-18902 | github.com/mattermost/mattermost-server (Go) | May 24, 2022
Mattermost Server has mishandled webhook access control | Moderate | CVE-2017-18870 | github.com/mattermost/mattermost-server (Go) | May 24, 2022
Apptainer ineffectively applies selinux and apparmor --security options | Moderate | CVE-2025-65105 | github.com/apptainer/apptainer (Go) | Dec 2, 2025
Singularity ineffectively applies selinux / apparmor LSM process labels | Moderate | CVE-2025-64750 | github.com/sylabs/singularity/v4 (Go) | Dec 2, 2025
Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes | Moderate | CVE-2025-10543 | github.com/eclipse/paho.mqtt.golang (Go) | Dec 2, 2025
Mattermost fails to validate user permissions when deleting comments in Boards | Moderate | CVE-2025-12756 | github.com/mattermost/mattermost (Go) | Dec 1, 2025
Mattermost fails to sanitize team email addresses | Moderate | CVE-2025-12559 | github.com/mattermost/mattermost-server (Go) | Nov 27, 2025
Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic | Moderate | CVE-2025-64715 | github.com/cilium/cilium (Go) | Dec 1, 2025
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes | Moderate | CVE-2025-64436 | kubevirt.io/kubevirt (Go) | Nov 6, 2025
KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing | Moderate | CVE-2025-64434 | kubevirt.io/kubevirt (Go) | Nov 6, 2025
OpenFGA Improper Policy Enforcement | Moderate | CVE-2025-64751 | github.com/openfga/openfga (Go) | Nov 20, 2025
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript | Moderate | CVE-2025-65026 | github.com/esm-dev/esm.sh (Go) | Nov 19, 2025
ProTip! Advisories are also available from the GraphQL API.