Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18 advisories

Loading
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion Moderate
CVE-2024-43784 was published for github.com/treeverse/lakefs (Go) Nov 26, 2024
N-o-Z
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata Moderate
CVE-2024-52522 was published for github.com/rclone/rclone (Go) Nov 19, 2024
hakong ncw
SpiceDB exclusions can result in no permission returned when permission expected Moderate
CVE-2024-38361 was published for github.com/authzed/spicedb (Go) Jun 20, 2024
Podman publishes a malicious image to public registries High
CVE-2022-1227 was published for github.com/containers/podman/v3 (Go) Apr 30, 2022
andrewpollock
Grafana folders admin only permission privilege escalation High
CVE-2022-36062 was published for github.com/grafana/grafana (Go) May 14, 2024
`docker cp` allows unexpected chmod of host files in Moby Docker Engine Low
CVE-2021-41089 was published for github.com/docker/docker (Go) Jun 10, 2024
LevanaXr ssst0n3
Moby (Docker Engine) Insufficiently restricted permissions on data directory Moderate
CVE-2021-41091 was published for github.com/docker/docker (Go) Jan 31, 2024
joanbm AlonZa
neersighted
Authelia's Group Changes may not have the expected results (YAML file backend) Low
GHSA-x883-2vmg-xwf7 was published for github.com/authelia/authelia/v4 (Go) Apr 22, 2024
ezrizhu
Improper Preservation of Permissions in etcd Moderate
CVE-2020-15113 was published for github.com/etcd-io/etcd (Go) Jan 30, 2024
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki Moderate
CVE-2021-3978 was published for github.com/cloudflare/cfrpki (Go) Nov 19, 2021
ties
runc AppArmor bypass with symlinked /proc Moderate
CVE-2023-28642 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
ssst0n3
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc Low
CVE-2023-25809 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
AkihiroSuda
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux High
CVE-2021-43816 was published for github.com/containerd/containerd (Go) Jan 6, 2022
Access control flaw in Kiali High
CVE-2021-3495 was published for github.com/kiali/kiali (Go) Jun 8, 2021
AList vulnerable to Improper Preservation of Permissions High
CVE-2022-45968 was published for github.com/alist-org/alist/v3 (Go) Dec 12, 2022
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 Critical
CVE-2021-38553 was published for github.com/hashicorp/vault (Go) Aug 30, 2021
avivdolev
Insecure Permissions in Gogs Moderate
CVE-2020-14958 was published for gogs.io/gogs (Go) May 18, 2021
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete High
GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) Sep 23, 2022
ProTip! Advisories are also available from the GraphQL API