Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

30 advisories

Loading
Improper Access Control in Lightning Network Daemon High
CVE-2019-12999 was published for github.com/lightningnetwork/lnd (Go) May 18, 2021
Improper Input Validation in libseccomp-golang High
CVE-2017-18367 was published for github.com/seccomp/libseccomp-golang (Go) May 18, 2021
Go JOSE Signature Validation Bypass High
CVE-2016-9122 was published for gopkg.in/square/go-jose.v1 (Go) May 18, 2021
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node High
CVE-2021-27098 was published for github.com/spiffe/spire (Go) May 21, 2021
c53robin
Incorrect handling of credential expiry by /nats-io/nats-server High
GHSA-2c64-vj8g-vwrq was published for github.com/nats-io/jwt (Go) May 21, 2021
Istio may not check inbound TCP connections against istio-policy High
CVE-2019-12243 was published for istio.io/istio (Go) Feb 15, 2022
Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2 High
GHSA-9r5x-fjv3-q6h4 was published for github.com/nats-io/jwt (Go) Feb 15, 2022 withdrawn
Access Restriction Bypass in kubernetes High
CVE-2016-1905 was published for github.com/kubernetes/kubernetes (Go) Feb 15, 2022
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server High
CVE-2022-24730 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt jessesuen
HashiCorp Consul Access Restriction Bypass High
CVE-2019-8336 was published for github.com/hashicorp/consul (Go) May 13, 2022
Argo CD improper access control bug can allow malicious user to escalate privileges to admin level High
CVE-2022-1025 was published for github.com/argoproj/argo-cd (Go) Jul 13, 2022
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure High
CVE-2022-2995 was published for github.com/cri-o/cri-o (Go) Sep 20, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete High
GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) Sep 23, 2022
usememos/memos vulnerable to account takeover due to improper access control High
CVE-2022-4689 was published for github.com/usememos/memos (Go) Dec 23, 2022
usememos/memos Improper Access Control vulnerability High
CVE-2022-4684 was published for github.com/usememos/memos (Go) Dec 23, 2022
usememos/memos Improper Access Control vulnerability High
CVE-2022-4803 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Access Control vulnerability High
CVE-2022-4809 was published for github.com/usememos/memos (Go) Dec 28, 2022
GitOps Run allows for Kubernetes workload injection High
CVE-2022-23508 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023
pjbgf
Privilege escalation in project role template binding (PRTB) and -promoted roles High
CVE-2022-43759 was published for github.com/rancher/rancher (Go) Jan 25, 2023
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster High
CVE-2022-21953 was published for github.com/rancher/rancher (Go) Jan 25, 2023
HashiCorp Consul Incorrect Access Control vulnerability High
CVE-2019-12291 was published for github.com/hashicorp/consul (Go) Jun 9, 2023
Mattermost post fetching without auditing in compliance export High
CVE-2024-1887 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost fails to authenticate the source of certain types of post actions High
CVE-2024-2447 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
Access Restriction Bypass in go-ipfs High
CVE-2020-10937 was published for github.com/ipfs/go-ipfs (Go) Apr 24, 2024
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication High
CVE-2021-36775 was published for github.com/rancher/rancher (Go) Apr 24, 2024
ProTip! Advisories are also available from the GraphQL API