GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12 advisories
NATS Server may fail to authorize certain Jetstream admin APIs
Critical
CVE-2025-30215 was published for github.com/nats-io/nats-server/v2 (Go)
Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times
Moderate
CVE-2025-31135 was published for github.com/phires/go-guerrilla (Go)
lxd has a restricted TLS certificate privilege escalation when in PKI mode
Low
CVE-2024-6219 was published for github.com/canonical/lxd (Go)
cert-manager has a potential slowdown / DoS when parsing specially crafted PEM inputs
Moderate
GHSA-r4pg-vg54-wxx4 was published for github.com/cert-manager/cert-manager (Go)
Git credentials are exposed in Atlantis logs
High
CVE-2024-52009 was published for github.com/runatlantis/atlantis (Go)
CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data
High
GHSA-p7mv-53f2-4cwj was published for github.com/cometbft/cometbft (Go)
CoreDNS Cache Poisoning via a birthday attack
Moderate
CVE-2023-30464 was published for github.com/coredns/coredns (Go)
1Panel arbitrary file write vulnerability
Moderate
CVE-2024-34352 was published for github.com/1Panel-dev/1Panel (Go)
AVideo contains Command injection when embedding a video link
Critical
CVE-2023-25313 was published for wwbn/avideo (Composer)
Denial of service via insufficient metadata validation
Moderate
GHSA-p93v-m2r2-4387 was published for github.com/google/fscrypt (Go)
