GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,726
Composer 4,023
Erlang 29
GitHub Actions 16
Go 1,830
Maven 5,045
npm 3,573
NuGet 632
pip 3,156
Pub 10
RubyGems 847
Rust 796
Swift 34

Unreviewed advisories

All unreviewed 224,712

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

11 advisories

Filter by severity

Sort by

Least recently updated

ZITADEL Vulnerable to Session Information Leakage Moderate

CVE-2024-39683 was published for github.com/zitadel/zitadel (Go) Jul 5, 2024

ZITADEL has improper HTML sanitization in emails and Console UI Moderate

CVE-2024-41953 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024

ZITADEL "ignoring unknown usernames" vulnerability Moderate

CVE-2024-41952 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024

ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass High

CVE-2024-29891 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024

ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass Moderate

CVE-2024-32868 was published for github.com/zitadel/zitadel (Go) Apr 25, 2024

Zitadel exposing internal database user name and host information Moderate

CVE-2024-32967 was published for github.com/zitadel/zitadel (Go) May 1, 2024

ZITADEL's actions can overload reserved claims Moderate

CVE-2024-29892 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024

ZITADEL Go's GRPC example code vulnerability - GO-2024-2687 HTTP/2 CONTINUATION flood in net/http Moderate

GHSA-qc6v-5g5m-8cw2 was published for github.com/zitadel/zitadel-go/v3 (Go) Jul 15, 2024

ZITADEL Account Takeover via Malicious Host Header Injection High

CVE-2023-49097 was published for github.com/zitadel/zitadel (Go) Nov 29, 2023

ZITADEL race condition in lockout policy execution High

CVE-2023-47111 was published for github.com/zitadel/zitadel (Go) Nov 8, 2023

ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting Moderate

CVE-2023-44399 was published for github.com/zitadel/zitadel (Go) Oct 10, 2023

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

11 advisories