
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,889 advisories

Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams Moderate
CVE-2024-42497 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL Low
CVE-2024-40884 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
memos CORS Misconfiguration in server.go (GHSL-2024-034) High
CVE-2024-41659 was published for github.com/usememos/memos (Go) Aug 22, 2024
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) Moderate
CVE-2024-41658 was published for github.com/casdoor/casdoor (Go) Aug 22, 2024
Casdoor CORS misconfiguration (GHSL-2024-035) High
CVE-2024-41657 was published for github.com/casdoor/casdoor (Go) Aug 22, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints High
CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
Mattermost allows remote/synthetic users to create sessions, reset passwords Moderate
CVE-2024-39836 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost doesn't restrict which roles can promote a user as system admin Moderate
CVE-2024-8071 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost doesn't redact remote users' original email addresses Moderate
CVE-2024-32939 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost Cross-Site Request Forgery vulnerability Moderate
CVE-2024-40886 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
CWA-2024-006: wasmd non-deterministic module_query_safe query Moderate
GHSA-fpgj-cr28-fvpx was published for github.com/CosmWasm/wasmd (Go) Aug 21, 2024
CWA-2024-005: Stackoverflow in wasmd High
GHSA-g8w7-7vgg-x7xg was published for github.com/CosmWasm/wasmd (Go) Aug 21, 2024
Openshift Console insufficient entropy vulnerability High
CVE-2024-6508 was published for github.com/openshift/console (Go) Aug 21, 2024
Kanister vulnerable to cluster-level privilege escalation High
CVE-2024-43403 was published for github.com/kanisterio/kanister (Go) Aug 20, 2024
LF Edge eKuiper has a SQL Injection in sqlKvStore High
CVE-2024-43406 was published for ekuiper (Go) Aug 20, 2024
Capsule tenant owner with "patch namespace" permission can hijack system namespaces High
CVE-2024-39690 was published for github.com/projectcapsule/capsule (Go) Aug 20, 2024
Grafana plugin data sources vulnerable to access control bypass Moderate
CVE-2024-6322 was published for github.com/grafana/grafana (Go) Aug 20, 2024
Trufflehog vulnerable to Blind SSRF in some Detectors Low
CVE-2024-43379 was published for github.com/trufflesecurity/trufflehog/v3 (Go) Aug 19, 2024
Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API Moderate
CVE-2024-42486 was published for github.com/cilium/cilium (Go) Aug 16, 2024
Gateway API route matching order contradicts specification Moderate
CVE-2024-42487 was published for github.com/cilium/cilium (Go) Aug 15, 2024
Policy bypass for Host Firewall policy due to race condition in Cilium agent Moderate
CVE-2024-42488 was published for github.com/cilium/cilium (Go) Aug 15, 2024
SQL injection in github.com/stashapp/stash Critical
CVE-2024-32231 was published for github.com/stashapp/stash (Go) Aug 15, 2024
Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking Moderate
CVE-2024-7625 was published for github.com/hashicorp/nomad (Go) Aug 15, 2024
Cosmos Hub (Gaia): The check for the height of cryptographic equivocation evidence is missing Moderate
GHSA-83qr-9v2h-qxp4 was published for github.com/cosmos/gaia (Go) Aug 14, 2024
open-telemetry has an Observable Timing Discrepancy Moderate
CVE-2024-42368 was published for github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension (Go) Aug 13, 2024