Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

39 advisories

Loading
Mattermost Server allows user to get private channel names Moderate
CVE-2024-10241 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 29, 2024
Vulnerable juju hook tool abstract UNIX domain socket Moderate
CVE-2024-8037 was published for github.com/juju/juju (Go) Oct 3, 2024
hpidcock phvalguima
Mattermost allows guest user with read access to upload files to a channel Moderate
CVE-2024-43780 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL Moderate
CVE-2024-40884 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost doesn't redact remote users' original email addresses Moderate
CVE-2024-32939 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost doesn't restrict which roles can promote a user as system admin Moderate
CVE-2024-8071 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost allows a user on a remote to set their remote username prop to an arbitrary string Moderate
CVE-2024-39839 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows a remote actor to make an arbitrary local channel read-only Moderate
CVE-2024-41162 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows remote actor to set arbitrary RemoteId values for synced users Moderate
CVE-2024-41926 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost did not properly restrict channel creation Moderate
CVE-2024-39837 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost failed to properly validate synced reactions Moderate
CVE-2024-29977 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost failed to disallow the modification of local users when syncing users in shared channels Moderate
CVE-2024-36492 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull Moderate
CVE-2024-34068 was published for github.com/pterodactyl/wings (Go) May 3, 2024
TrixterTheTux matthewpi
Mattermost Server Improper Access Control Moderate
CVE-2024-29221 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
Mattermost allows attackers access to posts in channels they are not a member of Moderate
CVE-2024-1942 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost fails to check the "invite_guest" permission Moderate
CVE-2024-1888 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost viewing archived public channels permissions vulnerability Moderate
CVE-2023-47858 was published for github.com/mattermost/mattermost-server/v6 (Go) Jan 2, 2024
Mattermost Improper Access Control vulnerability Moderate
CVE-2023-6202 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Mattermost Improper Access Control vulnerability Moderate
CVE-2023-47865 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
OpenFGA Authorization Bypass Moderate
CVE-2023-40579 was published for github.com/openfga/openfga (Go) Aug 25, 2023
aaguiarz
Mattermost does not validate requesting user permissions before updating admin details Moderate
CVE-2023-4107 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
Mattermost fails to check if user is a guest before performing actions on public playbooks Moderate
CVE-2023-4106 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
Grafana has Broken Access Control in Alert manager: Viewer can send test alerts Moderate
CVE-2023-2183 was published for github.com/grafana/grafana (Go) Jun 12, 2023
sebob
Duplicate Advisory: Grafana Improper Access Control vulnerability Moderate
GHSA-wm7r-3qxj-5xgq was published for github.com/grafana/grafana (Go) Jun 6, 2023 withdrawn
kyverno seccomp control can be circumvented Moderate
CVE-2023-33191 was published for github.com/kyverno/kyverno (Go) May 25, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database