Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

86 advisories

Loading
Hashicorp Nomad Incorrect Authorization vulnerability Moderate
CVE-2024-10975 was published for github.com/hashicorp/nomad (Go) Nov 7, 2024
Kyverno's PolicyException objects can be created in any namespace by default High
CVE-2024-48921 was published for github.com/kyverno/kyverno (Go) Oct 29, 2024
jeidsath
Pomerium service account access token may grant unintended access to databroker API High
CVE-2024-47616 was published for github.com/pomerium/pomerium (Go) Oct 2, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints Critical
CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
m2a2
Capsule tenant owner with "patch namespace" permission can hijack system namespaces High
CVE-2024-39690 was published for github.com/projectcapsule/capsule (Go) Aug 20, 2024
sparkEchooo
OpenFGA Authorization Bypass High
CVE-2024-42473 was published for github.com/openfga/openfga (Go) Aug 9, 2024
sidneibjunior
fabedge has insecure permissions Critical
CVE-2024-36536 was published for github.com/fabedge/fabedge (Go) Jul 24, 2024
NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects High
CVE-2022-29946 was published for github.com/nats-io/nats-server/v2 (Go) Jul 11, 2024
Evmos vulnerable to exploit of smart contract account and vesting High
CVE-2024-39696 was published for github.com/evmos/evmos/v18 (Go) Jul 10, 2024
GAtom22
SFTPGo has insufficient access control for password reset Moderate
CVE-2024-37897 was published for github.com/drakkan/sftpgo/v2 (Go) Jun 20, 2024
t7tran
Evmos allows unvested token delegations Moderate
CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
Grafana account takeover via OAuth vulnerability High
CVE-2022-31107 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana API IDOR Moderate
CVE-2022-21713 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Fine-grained access control vulnerability Critical
CVE-2021-41244 was published for github.com/grafana/grafana (Go) May 14, 2024
OpenFGA Authorization Bypass High
CVE-2024-31452 was published for github.com/openfga/openfga (Go) Apr 16, 2024
Argo CD's API server does not enforce project sourceNamespaces Moderate
CVE-2024-31990 was published for github.com/argoproj/argo-cd/v2 (Go) Apr 15, 2024
crenshaw-dev pasha-codefresh
ZITADEL's actions can overload reserved claims High
CVE-2024-29892 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
schettn fforootd
adlerhurst livio-a
1Panel open source panel project has an unauthorized vulnerability. Moderate
CVE-2024-27288 was published for github.com/1Panel-dev/1Panel (Go) Mar 6, 2024
Email Validation Bypass And Preventing Sign Up From Email's Owner Moderate
CVE-2023-6152 was published for github.com/grafana/grafana (Go) Feb 13, 2024
negrel
Mattermost Jira Plugin does not properly check security levels Moderate
CVE-2024-24774 was published for github.com/mattermost/mattermost-plugin-jira (Go) Feb 9, 2024
Privilege Escalation in HashiCorp Consul Moderate
CVE-2020-28053 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
Buildkit's interactive containers API does not validate entitlements check Critical
CVE-2024-23653 was published for github.com/moby/buildkit (Go) Jan 31, 2024
rmcnamara-snyk
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2023-5195 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Mattermost Incorrect Authorization vulnerability Low
CVE-2023-5159 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Mattermost Incorrect Authorization vulnerability Low
CVE-2023-5193 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
ProTip! Advisories are also available from the GraphQL API