Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

37 advisories

Loading
Ignition config accessible to unprivileged software on VMware Moderate
CVE-2022-1706 was published for github.com/coreos/ignition (Go) May 25, 2022
jonaz bgilbert
Duplicate advisory: Configuration exposure in github.com/coreos/ignition Moderate
GHSA-mjqc-5c9x-xfcc was published for github.com/coreos/ignition/v2 (Go) May 18, 2022 withdrawn
AAD Pod Identity obtaining token with backslash Moderate
CVE-2022-23551 was published for github.com/Azure/aad-pod-identity (Go) Dec 21, 2022
Incorrect Authorization in HashiCorp Consul Moderate
CVE-2020-7955 was published for github.com/hashicorp/consul (Go) Jul 28, 2021
gomatrixserverlib and Dendrite vulnerable to incorrect parsing of the event default power level in event auth Moderate
CVE-2022-36009 was published for github.com/matrix-org/dendrite (Go) Aug 30, 2022
Improper Input Validation Moderate
CVE-2021-3499 was published for github.com/ovn-org/ovn-kubernetes (Go) Jun 8, 2021
OIDC claims not updated from Identity Provider in Pomerium Moderate
CVE-2021-41230 was published for github.com/pomerium/pomerium (Go) Nov 10, 2021
Potential network policy bypass when routing IPv6 traffic Moderate
CVE-2023-27594 was published for github.com/cilium/cilium (Go) Mar 17, 2023
ysksuzuki
OpenFGA Authorization Bypass Moderate
CVE-2022-39352 was published for github.com/openfga/openfga (Go) Nov 8, 2022
tdunlap607
Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution Moderate
CVE-2022-31683 was published for github.com/concourse/concourse (Go) Oct 19, 2022
rickramgattie tdunlap607
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint Moderate
CVE-2022-39340 was published for github.com/openfga/openfga (Go) Oct 25, 2022
OpenFGA Authorization Bypass via tupleset wildcard Moderate
CVE-2022-39341 was published for github.com/openfga/openfga (Go) Oct 25, 2022
OpenFGA Authorization Bypass Moderate
CVE-2022-39342 was published for github.com/openfga/openfga (Go) Oct 25, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4811 was published for github.com/usememos/memos (Go) Dec 28, 2022
Access Restriction Bypass in kube-apiserver Moderate
CVE-2021-25735 was published for k8s.io/kubernetes (Go) May 28, 2021
jhutchings1
Istio Authorization Bypass Vulnerability Moderate
CVE-2021-31920 was published for istio.io/istio (Go) May 24, 2022 withdrawn
In github.com/pion/webrtc, failed DTLS certificate verification doesn't stop data channel communication Moderate
CVE-2021-28681 was published for github.com/pion/webrtc/v3 (Go) May 25, 2021
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2023-5194 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
On a compromised node, the fluid-csi service account can be used to modify node specs Moderate
CVE-2023-30840 was published for github.com/fluid-cloudnative/fluid (Go) May 9, 2023
Mattermost does not validate requesting user permissions before updating admin details Moderate
CVE-2023-4107 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2023-5195 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
1Panel Arbitrary File Download vulnerability Moderate
CVE-2023-39965 was published for github.com/1Panel-dev/1Panel (Go) Aug 10, 2023
qiulongk
Privilege Escalation in HashiCorp Consul Moderate
CVE-2020-28053 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
Email Validation Bypass And Preventing Sign Up From Email's Owner Moderate
CVE-2023-6152 was published for github.com/grafana/grafana (Go) Feb 13, 2024
negrel
ProTip! Advisories are also available from the GraphQL API