Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,864
Maven
5,000+
npm
3,587
NuGet
636
pip
3,176
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

36 advisories

GoAuthentik vulnerable to Insufficient Authorization for several API endpoints High
CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
OpenFGA Authorization Bypass High
CVE-2024-42473 was published for github.com/openfga/openfga (Go) Aug 9, 2024
sidneibjunior
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims Low
CVE-2024-5798 was published for github.com/hashicorp/vault (Go) Jun 12, 2024
Evmos allows unvested token delegations Moderate
CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
OpenFGA Authorization Bypass High
CVE-2024-31452 was published for github.com/openfga/openfga (Go) Apr 16, 2024
`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user High
CVE-2024-27916 was published for github.com/stacklok/minder (Go) Mar 5, 2024
dmjb
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers High
CVE-2023-3518 was published for github.com/hashicorp/consul (Go) Aug 9, 2023
anonymous4ACL24
Kyverno resource with a deletionTimestamp may allow policy circumvention Moderate
CVE-2023-34091 was published for github.com/kyverno/kyverno (Go) Jun 5, 2023
bburky
Pomerium vulnerable to Incorrect Authorization with specially crafted requests Critical
CVE-2023-33189 was published for github.com/pomerium/pomerium (Go) May 26, 2023
nonsleepr
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation High
CVE-2023-1782 was published for github.com/hashicorp/nomad (Go) Apr 5, 2023
HashiCorp Vault's PKI mount vulnerable to denial of service Moderate
CVE-2023-0665 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
Potential network policy bypass when routing IPv6 traffic Moderate
CVE-2023-27594 was published for github.com/cilium/cilium (Go) Mar 17, 2023
ysksuzuki
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster High
CVE-2022-21953 was published for github.com/rancher/rancher (Go) Jan 25, 2023
KubeOperator allows unauthorized access to system API High
CVE-2023-22480 was published for github.com/KubeOperator/KubeOperator (Go) Jan 9, 2023
suanve
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4811 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4798 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos vulnerable to Improper Authorization Moderate
CVE-2022-4802 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4804 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos vulnerable to improper authorization High
CVE-2022-4688 was published for github.com/usememos/memos (Go) Dec 23, 2022
OpenFGA Authorization Bypass High
CVE-2022-23542 was published for github.com/openfga/openfga (Go) Dec 20, 2022
OpenFGA Authorization Bypass via tupleset wildcard Moderate
CVE-2022-39341 was published for github.com/openfga/openfga (Go) Oct 25, 2022
OpenFGA Authorization Bypass Moderate
CVE-2022-39342 was published for github.com/openfga/openfga (Go) Oct 25, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint Moderate
CVE-2022-39340 was published for github.com/openfga/openfga (Go) Oct 25, 2022
Bytebase allows low-privilege users to view admin projects Moderate
CVE-2022-32170 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022
Netmaker vulnerable to Insufficient Granularity of Access Control High
CVE-2022-36110 was published for github.com/gravitl/netmaker (Go) Sep 15, 2022
ProTip! Advisories are also available from the GraphQL API