GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,934
Maven
5,000+
npm
3,668
NuGet
642
pip
3,287
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+
39 advisories
Filter by severity
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
Low
CVE-2024-46989
was published
for
github.com/authzed/spicedb
(Go)
Sep 18, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Moderate
CVE-2024-45043
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
(Go)
Aug 29, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate
CVE-2024-45244
was published
for
github.com/hyperledger/fabric
(Go)
Aug 25, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
High
CVE-2024-42490
was published
for
goauthentik.io
(Go)
Aug 22, 2024
OpenFGA Authorization Bypass
High
CVE-2024-42473
was published
for
github.com/openfga/openfga
(Go)
Aug 9, 2024
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Low
CVE-2024-5798
was published
for
github.com/hashicorp/vault
(Go)
Jun 12, 2024
Evmos allows unvested token delegations
Moderate
CVE-2024-37154
was published
for
github.com/evmos/evmos/v10
(Go)
Jun 6, 2024
OpenFGA Authorization Bypass
High
CVE-2024-31452
was published
for
github.com/openfga/openfga
(Go)
Apr 16, 2024
`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user
High
CVE-2024-27916
was published
for
github.com/stacklok/minder
(Go)
Mar 5, 2024
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
High
CVE-2023-3518
was published
for
github.com/hashicorp/consul
(Go)
Aug 9, 2023
Kyverno resource with a deletionTimestamp may allow policy circumvention
Moderate
CVE-2023-34091
was published
for
github.com/kyverno/kyverno
(Go)
Jun 5, 2023
Pomerium vulnerable to Incorrect Authorization with specially crafted requests
Critical
CVE-2023-33189
was published
for
github.com/pomerium/pomerium
(Go)
May 26, 2023
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation
High
CVE-2023-1782
was published
for
github.com/hashicorp/nomad
(Go)
Apr 5, 2023
HashiCorp Vault's PKI mount vulnerable to denial of service
Moderate
CVE-2023-0665
was published
for
github.com/hashicorp/vault
(Go)
Mar 30, 2023
Potential network policy bypass when routing IPv6 traffic
Moderate
CVE-2023-27594
was published
for
github.com/cilium/cilium
(Go)
Mar 17, 2023
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
High
CVE-2022-21953
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
KubeOperator allows unauthorized access to system API
High
CVE-2023-22480
was published
for
github.com/KubeOperator/KubeOperator
(Go)
Jan 9, 2023
usememos/memos Improper Authorization vulnerability
Moderate
CVE-2022-4811
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Authorization vulnerability
Moderate
CVE-2022-4798
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Authorization vulnerability
Moderate
CVE-2022-4804
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos vulnerable to Improper Authorization
Moderate
CVE-2022-4802
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos vulnerable to improper authorization
High
CVE-2022-4688
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
OpenFGA Authorization Bypass
High
CVE-2022-23542
was published
for
github.com/openfga/openfga
(Go)
Dec 20, 2022
OpenFGA Authorization Bypass via tupleset wildcard
Moderate
CVE-2022-39341
was published
for
github.com/openfga/openfga
(Go)
Oct 25, 2022
OpenFGA Authorization Bypass
Moderate
CVE-2022-39342
was published
for
github.com/openfga/openfga
(Go)
Oct 25, 2022
ProTip!
Advisories are also available from the
GraphQL API