GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5 advisories

Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server (Moderate)
CVE-2025-48938, published for github.com/cli/go-gh/v2 (Go) on May 30, 2025
Credited to andyfeller, williammartin, BagToad, babakks, matt-, shilpakum, and vcsjones
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability (Moderate)
CVE-2024-54132, published for github.com/cli/cli (Go) on Dec 4, 2024
Credited to andyfeller, jtmcg, williammartin, BagToad, and parablack
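The advisory above names the vulnerability class only. The following is an added example of the standard defence for that class when extracting archive entries (artifact contents, for instance) to disk; it is not code from github.com/cli/cli and does not reproduce the advisory's fix. The function name `SafeJoin`, the destination directory, and the entry names are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrPathTraversal is returned when an archive entry would land outside destDir.
var ErrPathTraversal = errors.New("artifact entry escapes destination directory")

// SafeJoin resolves an untrusted archive entry name against destDir and refuses
// any result outside destDir. Example code, not github.com/cli/cli's own.
func SafeJoin(destDir, entryName string) (string, error) {
	// Absolute entry names never belong in an archive we extract; refuse them
	// rather than silently re-rooting them under destDir.
	if filepath.IsAbs(entryName) {
		return "", ErrPathTraversal
	}
	cleanDest := filepath.Clean(destDir)
	// Join cleans the result, so "a/../../b" collapses before we inspect it.
	target := filepath.Join(cleanDest, entryName)
	// Rel answers the real question: is target inside cleanDest?
	rel, err := filepath.Rel(cleanDest, target)
	if err != nil {
		return "", ErrPathTraversal
	}
	// Anything that still begins with ".." after cleaning points outside.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrPathTraversal
	}
	return target, nil
}

func main() {
	// Constructed entry names: two benign, three that attempt to escape.
	entries := []string{
		"reports/out.txt",
		"a/../b",
		"../../.ssh/authorized_keys",
		"/etc/passwd",
		"a/../../b",
	}
	for _, e := range entries {
		p, err := SafeJoin("/tmp/artifact", e)
		if err != nil {
			fmt.Printf("REJECT %-30q %v\n", e, err)
			continue
		}
		fmt.Printf("ok     %-30q -> %s\n", e, p)
	}
}
```

The check is purely lexical: it stops `..` and absolute names but does not defend against a symlink that an earlier archive entry created inside the destination. An extractor that also writes symlinks needs to refuse link entries or resolve the parent with `filepath.EvalSymlinks` before writing.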
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts (Moderate)
CVE-2024-53858, published for github.com/cli/cli/v2 (Go) on Nov 27, 2024
Credited to BagToad, andyfeller, williammartin, jtmcg, and Ry0taK
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace (Moderate)
CVE-2024-53859, published for github.com/cli/go-gh (Go) on Nov 27, 2024
Credited to BagToad, williammartin, andyfeller, jtmcg, and Ry0taK
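Both the submodule advisory (CVE-2024-53858) and the `auth.TokenForHost` advisory (CVE-2024-53859) above concern the same boundary: a token must only ever be released to the host it was issued for. The following is an added example of a host-scoped credential lookup written for this page; it is not go-gh's `auth.TokenForHost` and does not describe how either advisory was fixed. The type `HostCredentials`, the method `TokenForRemote`, the token strings and the remote URLs are all constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ErrNoTokenForHost is returned when no credential is scoped to the remote's host.
var ErrNoTokenForHost = errors.New("no credential scoped to this host")

// HostCredentials maps a normalized hostname to the token that may be sent to it.
// Example type, not part of go-gh.
type HostCredentials map[string]string

// NormalizeHost folds case and a trailing dot so "GitHub.com." matches "github.com".
func NormalizeHost(h string) string {
	return strings.ToLower(strings.TrimSuffix(h, "."))
}

// TokenForRemote returns the token configured for exactly the host named in
// rawURL and nothing else; there is no fallback to another host's credential.
func (c HostCredentials) TokenForRemote(rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		// scp-style remotes such as "git@host:org/repo" do not parse as URLs;
		// refuse rather than guess a host for them.
		return "", ErrNoTokenForHost
	}
	// Only send a bearer credential over a scheme that protects it.
	if u.Scheme != "https" && u.Scheme != "ssh" {
		return "", ErrNoTokenForHost
	}
	// Hostname() drops userinfo and port, so "github.com@evil.example" yields
	// evil.example, not the spoofed prefix.
	host := NormalizeHost(u.Hostname())
	if host == "" {
		return "", ErrNoTokenForHost
	}
	tok, ok := c[host]
	if !ok {
		return "", ErrNoTokenForHost
	}
	return tok, nil
}

func main() {
	// Constructed credentials: one for github.com, one for an enterprise host.
	creds := HostCredentials{
		"github.com":       "tok-gh",
		"ghe.corp.example": "tok-ghe",
	}
	// Constructed remotes a recursive clone or codespace connection might see.
	remotes := []string{
		"https://github.com/cli/cli.git",
		"ssh://git@GitHub.com./cli/cli.git",
		"https://ghe.corp.example:8443/org/repo",
		"https://github.com.evil.example/x.git",
		"https://github.com@evil.example/x.git",
		"http://github.com/cli/cli.git",
		"git@github.com:cli/cli.git",
	}
	for _, r := range remotes {
		tok, err := creds.TokenForRemote(r)
		if err != nil {
			fmt.Printf("withhold %-45s %v\n", r, err)
			continue
		}
		fmt.Printf("send     %-45s %s\n", r, tok)
	}
}
```

The map key is the hostname alone, so an enterprise host on a non-default port still receives its own token; if port must be part of the trust boundary, key on `u.Host` instead of `u.Hostname()`.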
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer (High)
CVE-2024-52308, published for github.com/cli/cli (Go) on Nov 14, 2024
Credited to sarahbarili, cmbrose, BlueSzy, andyfeller, BagToad, and Ry0taK