GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
39 advisories
Filter by severity
Unchecked hostname resolution could allow access to local network resources by users outside the local network
Moderate
GHSA-6rg3-8h8x-5xfv
was published
for
github.com/pterodactyl/wings
(Go)
Jun 23, 2021
usememos/memos vulnerable to improper access control
Moderate
CVE-2022-4685
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
Moderate
CVE-2021-22565
was published
for
github.com/google/exposure-notifications-verification-server
(Go)
Nov 10, 2021
usememos/memos Improper Access Control vulnerability
Moderate
CVE-2022-4806
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Access Control vulnerability
Moderate
CVE-2022-4814
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Access Control vulnerability
Moderate
CVE-2022-4810
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Access Control vulnerability
Moderate
CVE-2022-4807
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
Limited ability to spoof SAML authentication with missing audience verification in Fleet
Moderate
CVE-2022-23600
was published
for
github.com/fleetdm/fleet/v4
(Go)
Feb 7, 2022
Improper Access Control in github.com/treeverse/lakefs
Moderate
GHSA-m836-gxwq-j2pm
was published
for
github.com/treeverse/lakefs
(Go)
Oct 28, 2021
Grafana has Broken Access Control in Alert manager: Viewer can send test alerts
Moderate
CVE-2023-2183
was published
for
github.com/grafana/grafana
(Go)
Jun 12, 2023
Access Restriction Bypass in kube-apiserver
Moderate
CVE-2021-25735
was published
for
k8s.io/kubernetes
(Go)
May 28, 2021
Kubernetes arbitrary file overwrite
Moderate
CVE-2017-1002102
was published
for
k8s.io/kubernetes
(Go)
May 13, 2022
Authorization bypass in Istio
Moderate
CVE-2020-16844
was published
for
istio.io/istio
(Go)
Feb 15, 2022
kyverno seccomp control can be circumvented
Moderate
CVE-2023-33191
was published
for
github.com/kyverno/kyverno
(Go)
May 25, 2023
Mattermost does not validate requesting user permissions before updating admin details
Moderate
CVE-2023-4107
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Mattermost fails to check if user is a guest before performing actions on public playbooks
Moderate
CVE-2023-4106
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Duplicate Advisory: Grafana Improper Access Control vulnerability
Moderate
GHSA-wm7r-3qxj-5xgq
was published
for
github.com/grafana/grafana
(Go)
Jun 6, 2023
•
withdrawn
Mattermost Improper Access Control vulnerability
Moderate
CVE-2023-47865
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Mattermost Improper Access Control vulnerability
Moderate
CVE-2023-6202
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Gitea Arbitrary File Delete Vulnerability
Moderate
CVE-2019-1000002
was published
for
code.gitea.io/gitea
(Go)
May 13, 2022
OpenFGA Authorization Bypass
Moderate
CVE-2023-40579
was published
for
github.com/openfga/openfga
(Go)
Aug 25, 2023
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Moderate
CVE-2024-34068
was published
for
github.com/pterodactyl/wings
(Go)
May 3, 2024
Mattermost viewing archived public channels permissions vulnerability
Moderate
CVE-2023-47858
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Jan 2, 2024
Mattermost fails to check the "invite_guest" permission
Moderate
CVE-2024-1888
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost allows attackers access to posts in channels they are not a member of
Moderate
CVE-2024-1942
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
ProTip!
Advisories are also available from the
GraphQL API