Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

205 advisories

Loading
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability Low
CVE-2025-61581 was published for github.com/apache/trafficcontrol/v8 (Go) Oct 16, 2025
Mattermost has an Incorrect Authorization vulnerability Low
CVE-2025-10545 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Mattermost has an Observable Timing Discrepancy vulnerability Low
CVE-2025-54499 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
vet MCP Server SSE Transport DNS Rebinding Vulnerability Low
CVE-2025-59163 was published for github.com/safedep/vet (Go) Sep 29, 2025
eharris128
Credited to eharris128
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace Low
GHSA-q6hv-wcjr-wp8h was published for github.com/kcp-dev/kcp (Go) Sep 26, 2025
SimonTheLeg embik
Credited to SimonTheLeg and embik
Omni Wireguard SideroLink potential escape Low
CVE-2025-59824 was published for github.com/siderolabs/omni (Go) Sep 24, 2025
smira Unix4ever
Credited to smira and Unix4ever
Mattermost boards plugin fails to restrict download access to files Low
CVE-2025-9081 was published for github.com/mattermost/mattermost-plugin-boards (Go) Sep 19, 2025
Dragonfly's directories created via os.MkdirAll are not checked for permissions Low
CVE-2025-59349 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
Mattermost Open Redirect vulnerability Low
CVE-2025-9084 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
Atlantis Exposes Service Version Publicly on /status API Endpoint Low
CVE-2025-58445 was published for github.com/runatlantis/atlantis (Go) Sep 5, 2025
matthewmrichter
Credited to matthewmrichter
Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token Low
GHSA-3rw9-wmc8-8948 was published for github.com/coder/coder/v2 (Go) Aug 28, 2025
spikecurtis
Credited to spikecurtis
Mattermost Server SSRF Vulnerability via the Agents Plugin Low
CVE-2025-47700 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Lack of Access Control Validation Low
CVE-2025-49810 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Properly Validate Team Role Modification Low
CVE-2025-53971 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Confluence Plugin has Missing Authorization vulnerability Low
CVE-2025-53857 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Mattermost Confluence Plugin has Missing Authorization vulnerability Low
CVE-2025-49221 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
OpenBao has a Timing Side-Channel in the Userpass Auth Method Low
CVE-2025-54999 was published for github.com/openbao/openbao (Go) Aug 8, 2025
Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors Low
GHSA-vh9x-phq6-fx54 was published for github.com/rs/cors (Go) Aug 6, 2025 withdrawn
github.com/go-acme/lego/v4/acme/api does not enforce HTTPS Low
CVE-2025-54799 was published for github.com/go-acme/lego (Go) Aug 6, 2025
songgao chrisnojima
AMarcedone
Credited to songgao, chrisnojima, and AMarcedone
Duplicate Advisory: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
GHSA-522r-9946-fw43 was published for github.com/cloudflare/circl (Go) Aug 6, 2025 withdrawn
Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users Low
CVE-2025-6011 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
Moby firewalld reload removes bridge network isolation Low
CVE-2025-54410 was published for github.com/docker/docker (Go) Jul 29, 2025
Mattermost has Insufficiently Protected Credentials Low
CVE-2025-6227 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points Low
GHSA-phhq-63jg-fp7r was published for github.com/edgelesssys/contrast (Go) Jul 9, 2025
burgerdev katexochen
thomasten
Credited to burgerdev, katexochen, and thomasten
File Browser's password protection of links is bypassable Low
CVE-2025-52996 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
Credited to mtausig and hacdias
ProTip! Advisories are also available from the GraphQL API