Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

364 advisories

Loading
Mattermost fails to check the "invite_guest" permission Moderate
CVE-2024-1888 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost post fetching without auditing in compliance export Moderate
CVE-2024-1887 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost fails to properly restrict the access of files attached to posts Low
CVE-2024-23488 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
ZenML Server Remote Privilege Escalation Vulnerability Moderate
CVE-2024-25723 was published for zenml (pip) Feb 27, 2024
hahwul
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated High
CVE-2024-22234 was published for org.springframework.security:spring-security-core (Maven) Feb 20, 2024
oscerd
Improper Access Control in moodle Moderate
CVE-2024-25980 was published for moodle/moodle (Composer) Feb 19, 2024
Improper Access Control in moodle Moderate
CVE-2024-25981 was published for moodle/moodle (Composer) Feb 19, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler High
CVE-2024-25121 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme Moderate
CVE-2024-25120 was published for typo3/cms-core (Composer) Feb 13, 2024
sushiwushi bnf
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module Moderate
CVE-2024-24751 was published for derhansen/sf_event_mgt (Composer) Feb 13, 2024
derhansen
Moodle Improper Access Control vulnerability Moderate
CVE-2024-1439 was published for moodle/moodle (Composer) Feb 12, 2024
Mattermost fails to check the required permissions Low
CVE-2024-24776 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 9, 2024
Graylog vulnerable to instantiation of arbitrary classes triggered by API request High
CVE-2024-24824 was published for org.graylog2:graylog2-server (Maven) Feb 7, 2024
fabsx00
phpMyFAQ User Removal Page Allows Spoofing Of User Details Moderate
CVE-2024-22202 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
PinkDraconian
@lobehub/chat vulnerable to unauthorized access to plugins Moderate
CVE-2024-24566 was published for @lobehub/chat (npm) Jan 31, 2024
dastaj
vantage6 has insecure SSH configuration for node and server containers Moderate
CVE-2024-21653 was published for vantage6 (pip) Jan 30, 2024
Sandbox escape in Artemis Java Test Sandbox High
CVE-2024-23681 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024
Broken Access Control order API in Shopware Moderate
CVE-2024-22407 was published for shopware/core (Composer) Jan 17, 2024
EverShop at risk to unauthorized access via weak HMAC secret High
CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) Critical
CVE-2024-22206 was published for @clerk/nextjs (npm) Jan 12, 2024
nikosdouvlis SokratisVidros
colinclerk agis braden-clerk BRKalow
Drupal Improper Access Control Critical
CVE-2019-6342 was published for drupal/core (Composer) Jan 11, 2024
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts Moderate
CVE-2024-21667 was published for pimcore/customer-management-framework-bundle (Composer) Jan 10, 2024
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list Moderate
CVE-2024-21666 was published for pimcore/customer-management-framework-bundle (Composer) Jan 10, 2024
Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list Moderate
CVE-2024-21665 was published for pimcore/ecommerce-framework-bundle (Composer) Jan 10, 2024
ProTip! Advisories are also available from the GraphQL API