Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

30 advisories

Loading
Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams High
CVE-2024-42497 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm High
GHSA-6vjm-54vp-mxhx was published for github.com/juju/juju (Go) Aug 5, 2024
phvalguima manadart
SimonRichardson hpidcock lucistanescu eslerm
Mattermost allows remote actor to create/update/delete posts in arbitrary channels High
CVE-2024-41144 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
karmada vulnerable to arbitrary code execution via a crafted command High
CVE-2024-33396 was published for github.com/karmada-io/karmada (Go) May 2, 2024
Rancher's Steve API Component Improper authorization check allows privilege escalation High
CVE-2021-36776 was published for github.com/rancher/rancher (Go) Apr 24, 2024
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication High
CVE-2021-36775 was published for github.com/rancher/rancher (Go) Apr 24, 2024
Access Restriction Bypass in go-ipfs High
CVE-2020-10937 was published for github.com/ipfs/go-ipfs (Go) Apr 24, 2024
Mattermost fails to authenticate the source of certain types of post actions High
CVE-2024-2447 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
Mattermost post fetching without auditing in compliance export High
CVE-2024-1887 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
HashiCorp Consul Incorrect Access Control vulnerability High
CVE-2019-12291 was published for github.com/hashicorp/consul (Go) Jun 9, 2023
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster High
CVE-2022-21953 was published for github.com/rancher/rancher (Go) Jan 25, 2023
Privilege escalation in project role template binding (PRTB) and -promoted roles High
CVE-2022-43759 was published for github.com/rancher/rancher (Go) Jan 25, 2023
GitOps Run allows for Kubernetes workload injection High
CVE-2022-23508 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023
pjbgf
usememos/memos Improper Access Control vulnerability High
CVE-2022-4809 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Access Control vulnerability High
CVE-2022-4803 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos vulnerable to account takeover due to improper access control High
CVE-2022-4689 was published for github.com/usememos/memos (Go) Dec 23, 2022
usememos/memos Improper Access Control vulnerability High
CVE-2022-4684 was published for github.com/usememos/memos (Go) Dec 23, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete High
GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) Sep 23, 2022
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure High
CVE-2022-2995 was published for github.com/cri-o/cri-o (Go) Sep 20, 2022
Argo CD improper access control bug can allow malicious user to escalate privileges to admin level High
CVE-2022-1025 was published for github.com/argoproj/argo-cd (Go) Jul 13, 2022
HashiCorp Consul Access Restriction Bypass High
CVE-2019-8336 was published for github.com/hashicorp/consul (Go) May 13, 2022
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server High
CVE-2022-24730 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt jessesuen
Access Restriction Bypass in kubernetes High
CVE-2016-1905 was published for github.com/kubernetes/kubernetes (Go) Feb 15, 2022
Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2 High
GHSA-9r5x-fjv3-q6h4 was published for github.com/nats-io/jwt (Go) Feb 15, 2022 withdrawn
Istio may not check inbound TCP connections against istio-policy High
CVE-2019-12243 was published for istio.io/istio (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database