GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13 advisories

Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets (Severity: Moderate)
CVE-2026-32694 was published for github.com/juju/juju (Go) on Mar 19, 2026
Credited to hpidcock
Juju has unauthorized access to out-of-scope Kubernetes secrets (Severity: High)
CVE-2026-32693 was published for github.com/juju/juju (Go) on Mar 19, 2026
Credited to dimaqq, hpidcock, and wallyworld
Juju has unauthorized update of out-of-scope Vault secrets (Severity: High)
CVE-2026-32692 was published for github.com/juju/juju (Go) on Mar 19, 2026
Credited to hpidcock
Juju affected by timing ownership claim attack on new external back-end secrets (Severity: Moderate)
CVE-2026-32691 was published for github.com/juju/juju (Go) on Mar 19, 2026
Credited to hpidcock
Juju allows arbitrary executable uploads via authenticated endpoint without authorization (Severity: High)
CVE-2025-0928 was published for github.com/juju/juju (Go) on Jul 9, 2025
Credited to tlm, wallyworld, hpidcock, Fedqys, and setharnold
Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization (Severity: Moderate)
CVE-2025-53512 was published for github.com/juju/juju (Go) on Jul 9, 2025
Credited to wallyworld and hpidcock
Juju zip slip vulnerability via authenticated endpoint (Severity: High)
CVE-2025-53513 was published for github.com/juju/juju (Go) on Jul 9, 2025
Credited to wallyworld and hpidcock
juju/utils leaks private key in certs (Severity: Moderate)
CVE-2025-6224 was published for github.com/juju/utils/v4/cert (Go) on Jul 1, 2025
Credited to mcsaucy, hpidcock, and nikosgalanis
Vulnerable juju introspection abstract UNIX domain socket (Severity: Moderate)
CVE-2024-8038 was published for github.com/juju/juju (Go) on Oct 3, 2024
Credited to hpidcock
Vulnerable juju hook tool abstract UNIX domain socket (Severity: Moderate)
CVE-2024-8037 was published for github.com/juju/juju (Go) on Oct 3, 2024
Credited to hpidcock and phvalguima
JUJU_CONTEXT_ID is a predictable authentication secret (Severity: Moderate)
CVE-2024-7558 was published for github.com/juju/juju (Go) on Oct 3, 2024
Credited to hpidcock and lucistanescu
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm (Severity: High)
GHSA-6vjm-54vp-mxhx was published for github.com/juju/juju (Go) on Aug 5, 2024
Credited to phvalguima, manadart, SimonRichardson, hpidcock, lucistanescu, and eslerm
Pebble service manager's file pull API allows access by any user (Severity: Moderate)
CVE-2024-3250 was published for github.com/canonical/pebble (Go) on Apr 5, 2024
Credited to hpidcock and benhoyt