Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

33 advisories

Loading
Controller reconciles apps outside configured namespaces when sharding is enabled High
CVE-2023-22736 was published for github.com/argoproj/argo-cd (Go) Jan 25, 2023
czchen crenshaw-dev
Insecure plugin handling in Mattermost High
CVE-2022-1384 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 20, 2022
Velociraptor vulnerable to Missing Authorization High
CVE-2023-0242 was published for www.velocidex.com/golang/velociraptor (Go) Jan 18, 2023
Missing Authorization in HashiCorp Consul High
CVE-2022-3920 was published for github.com/hashicorp/consul (Go) Nov 16, 2022
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster High
CVE-2022-21953 was published for github.com/rancher/rancher (Go) Jan 25, 2023
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation High
CVE-2023-1782 was published for github.com/hashicorp/nomad (Go) Apr 5, 2023
Mattermost fails to properly authentication inviter's permissions to private channel Moderate
CVE-2023-1774 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Improper access control allows admin privilege escalation in Argo CD Critical
CVE-2022-24768 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint Moderate
CVE-2022-39340 was published for github.com/openfga/openfga (Go) Oct 25, 2022
Gitea Missing Authorization vulnerability High
CVE-2022-0905 was published for code.gitea.io/gitea (Go) Mar 11, 2022
Duplicate Advisory: Improper Authorization in Gogs High
GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) Mar 12, 2022 withdrawn
Gogs vulnerable to improper PAM authorization handling High
CVE-2022-0871 was published for gogs.io/gogs (Go) Mar 14, 2022
ysf
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code Critical
CVE-2022-39222 was published for github.com/dexidp/dex (Go) Oct 3, 2022
joernchen bobcallaway
haydentherapper
Mattermost Server Sensitive Data Exposure Moderate
CVE-2020-14457 was published for github.com/mattermost/mattermost (Go) May 24, 2022
KubePi may allow unauthorized access to system API High
CVE-2023-22478 was published for github.com/KubeOperator/kubepi (Go) Jan 9, 2023
suanve
Kubernetes Privilege Escalation Critical
CVE-2017-1000056 was published for k8s.io/kubernetes (Go) May 12, 2021
Missing Authorization in Harbor Moderate
CVE-2019-16097 was published for github.com/goharbor/harbor (Go) Feb 15, 2022
Reject unauthorized access with GitHub PATs High
CVE-2021-21432 was published for github.com/go-vela/server (Go) Feb 15, 2022
JordanSussman
Authenticated users can exploit an enumeration vulnerability in Harbor Moderate
CVE-2020-13794 was published for github.com/goharbor/harbor (Go) May 24, 2021
Mattermost Server Missing Authorization vulnerability Moderate
CVE-2023-2783 was published for github.com/mattermost/mattermost-server/v6 (Go) Jun 16, 2023
Sealos billing system permission control defect High
CVE-2023-36815 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Mattermost fails to check if user is a guest before performing actions on public playbooks Moderate
CVE-2023-4106 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
Mattermost fails to correctly delete attachments Low
CVE-2023-4105 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
Answer Missing Authorization vulnerability High
CVE-2023-4124 was published for github.com/answerdev/answer (Go) Aug 3, 2023
ProTip! Advisories are also available from the GraphQL API