Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

37 advisories

Loading
Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs Moderate
CVE-2022-31671 was published for github.com/goharbor/harbor (Go) Sep 9, 2022
Harbor fails to validate the user permissions when updating a robot account Moderate
CVE-2022-31667 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
andrewpollock
Harbor fails to validate the user permissions when updating tag immutability policies Moderate
CVE-2022-31669 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
michaelkedar
Mattermost Jira Plugin does not properly check security levels Moderate
CVE-2024-24774 was published for github.com/mattermost/mattermost-plugin-jira (Go) Feb 9, 2024
Hashicorp Nomad Incorrect Authorization vulnerability Moderate
CVE-2024-10975 was published for github.com/hashicorp/nomad (Go) Nov 7, 2024
Evmos allows unvested token delegations Moderate
CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
Supplementary groups are not set up properly in github.com/containerd/containerd Moderate
CVE-2023-25173 was published for github.com/containerd/containerd (Go) Feb 16, 2023
SFTPGo has insufficient access control for password reset Moderate
CVE-2024-37897 was published for github.com/drakkan/sftpgo/v2 (Go) Jun 20, 2024
t7tran
Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions Moderate
CVE-2022-36109 was published for github.com/docker/docker (Go) Sep 16, 2022
sjmurdoch neersighted
Grafana API IDOR Moderate
CVE-2022-21713 was published for github.com/grafana/grafana (Go) May 14, 2024
Argo CD's API server does not enforce project sourceNamespaces Moderate
CVE-2024-31990 was published for github.com/argoproj/argo-cd/v2 (Go) Apr 15, 2024
crenshaw-dev pasha-codefresh
1Panel open source panel project has an unauthorized vulnerability. Moderate
CVE-2024-27288 was published for github.com/1Panel-dev/1Panel (Go) Mar 6, 2024
Email Validation Bypass And Preventing Sign Up From Email's Owner Moderate
CVE-2023-6152 was published for github.com/grafana/grafana (Go) Feb 13, 2024
negrel
Privilege Escalation in HashiCorp Consul Moderate
CVE-2020-28053 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
1Panel Arbitrary File Download vulnerability Moderate
CVE-2023-39965 was published for github.com/1Panel-dev/1Panel (Go) Aug 10, 2023
qiulongk
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2023-5195 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Mattermost does not validate requesting user permissions before updating admin details Moderate
CVE-2023-4107 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
On a compromised node, the fluid-csi service account can be used to modify node specs Moderate
CVE-2023-30840 was published for github.com/fluid-cloudnative/fluid (Go) May 9, 2023
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2023-5194 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
In github.com/pion/webrtc, failed DTLS certificate verification doesn't stop data channel communication Moderate
CVE-2021-28681 was published for github.com/pion/webrtc/v3 (Go) May 25, 2021
Istio Authorization Bypass Vulnerability Moderate
CVE-2021-31920 was published for istio.io/istio (Go) May 24, 2022 withdrawn
Access Restriction Bypass in kube-apiserver Moderate
CVE-2021-25735 was published for k8s.io/kubernetes (Go) May 28, 2021
jhutchings1
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4811 was published for github.com/usememos/memos (Go) Dec 28, 2022
OpenFGA Authorization Bypass Moderate
CVE-2022-39342 was published for github.com/openfga/openfga (Go) Oct 25, 2022
OpenFGA Authorization Bypass via tupleset wildcard Moderate
CVE-2022-39341 was published for github.com/openfga/openfga (Go) Oct 25, 2022
ProTip! Advisories are also available from the GraphQL API