Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

952 advisories

Loading
Hwameistor Potential Permission Leakage of Cluster Level Moderate
CVE-2024-45054 was published for github.com/hwameistor/hwameistor (Go) Aug 29, 2024
younaman
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability Moderate
CVE-2024-45043 was published for github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver (Go) Aug 29, 2024
DouglasHeriot Aneurysm9
arminru
CWA-2023-004: Excessive number of function parameters in compiled Wasm Moderate
GHSA-75qh-gg76-p2w4 was published for cosmwasm-vm (Go) Aug 27, 2024
req may send an unintended request when a malformed URL is provided Moderate
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window Moderate
CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024
Mattermost Plugin Channel Export excessive resource consumption Moderate
CVE-2024-43105 was published for github.com/mattermost/mattermost-plugin-channel-export (Go) Aug 23, 2024
c0rydoras
Mattermost allows guest user with read access to upload files to a channel Moderate
CVE-2024-43780 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL Moderate
CVE-2024-40884 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) Moderate
CVE-2024-41658 was published for github.com/casdoor/casdoor (Go) Aug 22, 2024
Mattermost Cross-Site Request Forgery vulnerability Moderate
CVE-2024-40886 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost doesn't redact remote users' original email addresses Moderate
CVE-2024-32939 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost allows remote/synthetic users to create sessions, reset passwords Moderate
CVE-2024-39836 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost doesn't restrict which roles can promote a user as system admin Moderate
CVE-2024-8071 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
CWA-2024-006: wasmd non-deterministic module_query_safe query Moderate
GHSA-fpgj-cr28-fvpx was published for github.com/CosmWasm/wasmd (Go) Aug 21, 2024
amimart
Openshift Console insufficient entropy vulnerability Moderate
CVE-2024-6508 was published for github.com/openshift/console (Go) Aug 21, 2024
Withdrawn Advisory: Kanister vulnerable to cluster-level privilege escalation Moderate
CVE-2024-43403 was published for github.com/kanisterio/kanister (Go) Aug 20, 2024 withdrawn
younaman hairyhum
Grafana plugin data sources vulnerable to access control bypass Moderate
CVE-2024-6322 was published for github.com/grafana/grafana (Go) Aug 20, 2024
Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API Moderate
CVE-2024-42486 was published for github.com/cilium/cilium (Go) Aug 16, 2024
sayboras
Gateway API route matching order contradicts specification Moderate
CVE-2024-42487 was published for github.com/cilium/cilium (Go) Aug 15, 2024
sayboras
Policy bypass for Host Firewall policy due to race condition in Cilium agent Moderate
CVE-2024-42488 was published for github.com/cilium/cilium (Go) Aug 15, 2024
skmatti
Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking Moderate
CVE-2024-7625 was published for github.com/hashicorp/nomad (Go) Aug 15, 2024
Cosmos Hub (Gaia): The check for the height of cryptographic equivocation evidence is missing Moderate
GHSA-83qr-9v2h-qxp4 was published for github.com/cosmos/gaia (Go) Aug 14, 2024
open-telemetry has an Observable Timing Discrepancy Moderate
CVE-2024-42368 was published for github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension (Go) Aug 13, 2024
axw arminru
frzifus mx-psi evan-bradley
Apache Answer: The link for resetting user password is not Single-Use Moderate
CVE-2024-41888 was published for github.com/apache/incubator-answer (Go) Aug 12, 2024
Apache Answer: The link to reset the user's password will remain valid after sending a new link Moderate
CVE-2024-41890 was published for github.com/apache/incubator-answer (Go) Aug 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database