GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

31 advisories

IncusOS has a LUKS encryption bypass due to insufficient TPM policy High
CVE-2026-32606 was published for github.com/lxc/incus-os/incus-osd (Go) Mar 16, 2026
Rancher doesn't properly sanitize credentials in cluster template answers Critical
CVE-2021-36783 was published for github.com/rancher/rancher (Go) Mar 3, 2026
NeuVector scanner insecurely handles passwords as command arguments Low
CVE-2025-67860 was published for github.com/neuvector/scanner (Go) Feb 12, 2026
Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials High
CVE-2024-28110 was published for github.com/cloudevents/sdk-go/v2 (Go) Mar 6, 2024
Credited to mattmoor, tcnghia, and sunnypatell
EVE Seals Vault Key With SHA1 PCRs Moderate
CVE-2023-43635 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE Doesn't Protect Config Partition with Measured Boot Moderate
CVE-2023-43634 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
Duplicate Advisory: EVE Doesn't Protect Config Partition with Measured Boot High
GHSA-3wmx-9qwp-h363 was published for github.com/lf-edge/eve (Go) Sep 21, 2023 withdrawn
EVE's Debug Functions Unlockable Without Triggering Measured Boot Moderate
CVE-2023-43633 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
Duplicate Advisory: EVE's Debug Functions Unlockable Without Triggering Measured Boot High
GHSA-6958-8cpr-xgrq was published for github.com/lf-edge/eve (Go) Sep 21, 2023 withdrawn
EVE: SSH as Root Unlockable Without Triggering Measured Boot Moderate
CVE-2023-43631 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
Duplicate Advisory: EVE: SSH as Root Unlockable Without Triggering Measured Boot High
GHSA-f6wp-8j9r-frrg was published for github.com/lf-edge/eve (Go) Sep 21, 2023 withdrawn
EVE Doesn't Measure Config Partition From 2 Fronts Moderate
CVE-2023-43630 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
Duplicate Advisory: EVE Doesn't Measure Config Partition From 2 Fronts High
GHSA-5jvg-8j6f-vpmc was published for github.com/lf-edge/eve (Go) Sep 20, 2023 withdrawn
malcontent OCI image pull credential exfiltration via malicious registry token realm Moderate
CVE-2026-24845 was published for github.com/chainguard-dev/malcontent (Go) Jan 29, 2026
Credited to 1seal, egibs, antitree, stevebeattie, and eslerm
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS Moderate
CVE-2025-32963 was published for github.com/minio/operator (Go) Apr 21, 2025
Credited to bburky and pjuarezd
Skipper is vulnerable to arbitrary code execution through lua filters High
CVE-2026-23742 was published for github.com/zalando/skipper (Go) Jan 16, 2026
Credited to moyushui and b0b0haha
Argo Workflow may expose artifact repository credentials High
CVE-2025-62157 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025
Credited to r0binak
NeuVector process with sensitive arguments lead to leakage Moderate
CVE-2025-54467 was published for github.com/neuvector/neuvector (Go) Aug 28, 2025
Mattermost has Insufficiently Protected Credentials Low
CVE-2025-6227 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Grafana plugin SDK Information Leakage Critical
CVE-2024-8986 was published for github.com/grafana/grafana-plugin-sdk-go (Go) Sep 19, 2024
Exposure of vSphere's CPI and CSI credentials in Rancher High
CVE-2022-45157 was published for github.com/rancher/rancher (Go) Oct 25, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins Moderate
CVE-2022-31130 was published for github.com/grafana/grafana (Go) May 14, 2024
Credited to joaxcar
Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
apko Exposure of HTTP basic auth credentials in log output High
CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024
Credited to kolloch
Trivy possibly leaks registry credential when scanning images from malicious registries Moderate
CVE-2024-35192 was published for github.com/aquasecurity/trivy (Go) May 20, 2024
Credited to lyoung-confluent