Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

50 advisories

Loading
XWiki allows remote code execution through the extension sheet Critical
CVE-2024-55662 was published for org.xwiki.platform:xwiki-platform-repository-server-ui (Maven) Dec 12, 2024
Improper Authentication vulnerability in Apache Solr Critical
CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints Critical
CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
m2a2
fabedge has insecure permissions Critical
CVE-2024-36536 was published for github.com/fabedge/fabedge (Go) Jul 24, 2024
XWiki programming rights may be inherited by inclusion Critical
CVE-2024-38369 was published for org.xwiki.platform:xwiki-platform-rendering-macro-include (Maven) Jun 24, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability Critical
CVE-2024-36265 was published for apache-submarine (Maven) Jun 12, 2024
lunary-ai/lunary allows users unauthorized access to projects Critical
CVE-2024-4146 was published for lunary (npm) Jun 8, 2024 withdrawn
vincelwt
Grafana Fine-grained access control vulnerability Critical
CVE-2021-41244 was published for github.com/grafana/grafana (Go) May 14, 2024
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions Critical
CVE-2024-25108 was published for pixelfed/pixelfed (Composer) Feb 12, 2024
ThisIsMissEm nivenly-foundation
Buildkit's interactive containers API does not validate entitlements check Critical
CVE-2024-23653 was published for github.com/moby/buildkit (Go) Jan 31, 2024
rmcnamara-snyk
XWiki Platform privilege escalation from script right to programming right through title displayer Critical
CVE-2023-46244 was published for org.xwiki.platform:xwiki-platform-display-api (Maven) Nov 7, 2023
Vyper has incorrectly allocated named re-entrancy locks Critical
CVE-2023-39363 was published for vyper (pip) Aug 9, 2023
trocher
Apache Pulsar Incorrect Authorization vulnerability Critical
CVE-2023-30429 was published for org.apache.pulsar:pulsar (Maven) Jul 12, 2023
Improper configuration of RBAC permissions obtaining cluster control permissions Critical
CVE-2023-33190 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Privilege escalation (PR)/RCE from account through class sheet Critical
CVE-2023-32069 was published for org.xwiki.platform:xwiki-platform-test-ui (Maven) May 11, 2023
Privilege escalation in MOSN Critical
CVE-2021-32163 was published for mosn.io/mosn (Go) Feb 17, 2023
Users with any cluster secret update access may update out-of-bounds cluster secrets Critical
CVE-2023-23947 was published for github.com/argoproj/argo-cd (Go) Feb 16, 2023
crenshaw-dev
Dompdf vulnerable to URI validation failure on SVG parsing Critical
CVE-2023-23924 was published for dompdf/dompdf (Composer) Feb 1, 2023
Blaklis
JWT audience claim is not verified Critical
CVE-2023-22482 was published for github.com/argoproj/argo-cd (Go) Jan 25, 2023
farcaller
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter) Critical
CVE-2022-47408 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
ohader tdunlap607
Spring Security authorization rules can be bypassed via forward or include dispatcher types Critical
CVE-2022-31692 was published for org.springframework.security:spring-security-core (Maven) Nov 1, 2022
Field-level access-control bypass for multiselect field Critical
CVE-2022-39322 was published for @keystone-6/core (npm) Oct 18, 2022
marekryb
Pebble Templates protection mechanism bypass can lead to arbitrary code execution Critical
CVE-2022-37767 was published for io.pebbletemplates:pebble (Maven) Sep 13, 2022
Openstack Keystone Incorrect Authorization vulnerability Critical
CVE-2021-3563 was published for keystone (pip) Aug 27, 2022
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails Critical
CVE-2022-35924 was published for next-auth (npm) Aug 2, 2022
aried3r feross
ProTip! Advisories are also available from the GraphQL API