Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,558
Maven
5,000+
npm
4,232
NuGet
751
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,558 advisories

Loading
go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents Moderate
CVE-2025-62375 was published for github.com/in-toto/go-witness (Go) Oct 15, 2025
jkjell
Credited to jkjell
gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization Moderate
GHSA-fr8m-434r-g3xp was published for github.com/consensys/gnark-crypto (Go) Oct 15, 2025
CometBFT's invalid BitArray handling can lead to network halt High
GHSA-hrhf-2vcr-ghch was published for github.com/cometbft/cometbft (Go) Oct 14, 2025
whoismxuse
Credited to whoismxuse
Argo Workflow may expose artifact repository credentials High
CVE-2025-62157 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025
r0binak
Credited to r0binak
Argo Workflow has a Zipslip Vulnerability High
CVE-2025-62156 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025
im-soohyun
Credited to im-soohyun
Omni vulnerable to information leak via API High
CVE-2025-61688 was published for github.com/siderolabs/omni (Go) Oct 13, 2025
utkuozdemir
Credited to utkuozdemir
Omni is Vulnerable to DoS via Empty Create/Update Resource Requests Moderate
CVE-2025-59836 was published for github.com/siderolabs/omni (Go) Oct 13, 2025
1c3t0rm nicomda
utkuozdemir
Credited to 1c3t0rm, nicomda, and utkuozdemir
Parallax is vulnerable to DoS via malicious p2p message High
GHSA-xc79-566c-j4qx was published for github.com/microstack-tech/parallax (Go) Oct 10, 2025
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret Moderate
CVE-2025-61926 was published for github.com/ossf/allstar (Go) Oct 10, 2025
AdamKorcz justaugustus
Credited to AdamKorcz and justaugustus
quic-go: Panic occurs when queuing undecryptable packets after handshake completion High
CVE-2025-59530 was published for github.com/quic-go/quic-go (Go) Oct 10, 2025
rsukhodolskyi
Credited to rsukhodolskyi
rardecode: DoS risk due to unrestricted RAR dictionary sizes Moderate
CVE-2025-11579 was published for github.com/nwaples/rardecode/v2 (Go) Oct 10, 2025
Casdoor is vulnerable to Improper Authorization High
CVE-2025-61524 was published for github.com/casdoor/casdoor (Go) Oct 8, 2025
Canonical LXD CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI High
CVE-2025-54286 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns High
CVE-2025-54287 was published for github.com/lxc/lxd (Go) Oct 2, 2025
Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server Moderate
CVE-2025-54288 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API High
CVE-2025-54289 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Canonical LXD Project Existence Determination Through Error Handling in Image Export Function Moderate
CVE-2025-54290 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function High
CVE-2025-54293 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Canonical LXD Project Existence Determination Through Error Handling in Image Get Function Moderate
CVE-2025-54291 was published for github.com/canonical/lxd (Go) Oct 2, 2025
github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks High
CVE-2025-61595 was published for github.com/MANTRA-Chain/mantrachain (Go) Sep 30, 2025
Hellobloc
Credited to Hellobloc
Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook High
CVE-2025-59538 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 30, 2025
jake-ciolek crenshaw-dev
blakepettersson
Credited to jake-ciolek, crenshaw-dev, and blakepettersson
argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload High
CVE-2025-59537 was published for github.com/argoproj/argo-cd (Go) Sep 30, 2025
s0ngsari530 jake-ciolek
crenshaw-dev blakepettersson
Credited to s0ngsari530, jake-ciolek, crenshaw-dev, and blakepettersson
Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload High
CVE-2025-59531 was published for github.com/argoproj/argo-cd (Go) Sep 30, 2025
jake-ciolek crenshaw-dev
blakepettersson
Credited to jake-ciolek, crenshaw-dev, and blakepettersson
Repository Credentials Race Condition Crashes Argo CD Server Moderate
CVE-2025-55191 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 30, 2025
thevilledev
Credited to thevilledev
Coder AgentAPI exposed user chat history via a DNS rebinding attack Moderate
CVE-2025-59956 was published for github.com/coder/agentapi (Go) Sep 29, 2025
eharris128
Credited to eharris128
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database