GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
Mattermost server allows authenticated user to delete arbitrary post
Moderate
CVE-2024-50052
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Pebble service manager's file pull API allows access by any user
Moderate
CVE-2024-3250
was published
for
github.com/canonical/pebble
(Go)
Apr 5, 2024
Mattermost fails to correctly delete attachments
Low
CVE-2023-4105
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Mattermost fails to check if user is a guest before performing actions on public playbooks
Moderate
CVE-2023-4106
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
1Panel arbitrary file write vulnerability
High
CVE-2023-39966
was published
for
github.com/1Panel-dev/1Panel
(Go)
Aug 10, 2023
Answer Missing Authorization vulnerability
High
CVE-2023-4124
was published
for
github.com/answerdev/answer
(Go)
Aug 3, 2023
Nomad Search API Leaks Information About CSI Plugins
Moderate
CVE-2023-3300
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Nomad ACL Policies without Label are Applied to Unexpected Resources
Moderate
CVE-2023-3072
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Sealos billing system permission control defect
High
CVE-2023-36815
was published
for
github.com/labring/sealos
(Go)
Jun 30, 2023
Mattermost Server Missing Authorization vulnerability
Moderate
CVE-2023-2783
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Jun 16, 2023
Duplicate Advisory: Grafana Improper Access Control vulnerability
Moderate
GHSA-wm7r-3qxj-5xgq
was published
for
github.com/grafana/grafana
(Go)
Jun 6, 2023
•
withdrawn
Answer Missing Authorization vulnerability
Low
CVE-2023-2590
was published
for
github.com/answerdev/answer
(Go)
May 9, 2023
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation
High
CVE-2023-1782
was published
for
github.com/hashicorp/nomad
(Go)
Apr 5, 2023
Mattermost fails to properly authentication inviter's permissions to private channel
Moderate
CVE-2023-1774
was published
for
github.com/mattermost/mattermost-server
(Go)
Mar 31, 2023
Controller reconciles apps outside configured namespaces when sharding is enabled
High
CVE-2023-22736
was published
for
github.com/argoproj/argo-cd
(Go)
Jan 25, 2023
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
High
CVE-2022-21953
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Velociraptor vulnerable to Missing Authorization
High
CVE-2023-0242
was published
for
www.velocidex.com/golang/velociraptor
(Go)
Jan 18, 2023
KubePi may allow unauthorized access to system API
High
CVE-2023-22478
was published
for
github.com/KubeOperator/kubepi
(Go)
Jan 9, 2023
Missing Authorization in HashiCorp Consul
High
CVE-2022-3920
was published
for
github.com/hashicorp/consul
(Go)
Nov 16, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint
Moderate
CVE-2022-39340
was published
for
github.com/openfga/openfga
(Go)
Oct 25, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical
CVE-2022-39222
was published
for
github.com/dexidp/dex
(Go)
Oct 3, 2022
HashiCorp Consul does not properly validate node or segment names prior to usage in JWT claim assertions
High
CVE-2021-41803
was published
for
github.com/hashicorp/consul
(Go)
Sep 25, 2022
Mattermost Server Sensitive Data Exposure
Moderate
CVE-2020-14457
was published
for
github.com/mattermost/mattermost
(Go)
May 24, 2022
Insecure plugin handling in Mattermost
High
CVE-2022-1384
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Apr 20, 2022
Improper access control allows admin privilege escalation in Argo CD
Critical
CVE-2022-24768
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
ProTip!
Advisories are also available from the
GraphQL API