GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
78 advisories
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
High
CVE-2024-42490
was published
for
goauthentik.io
(Go)
Aug 22, 2024
Capsule tenant owner with "patch namespace" permission can hijack system namespaces
High
CVE-2024-39690
was published
for
github.com/projectcapsule/capsule
(Go)
Aug 20, 2024
OpenFGA Authorization Bypass
High
CVE-2024-42473
was published
for
github.com/openfga/openfga
(Go)
Aug 9, 2024
Evmos vulnerable to exploit of smart contract account and vesting
High
CVE-2024-39696
was published
for
github.com/evmos/evmos/v18
(Go)
Jul 10, 2024
SFTPGo has insufficient access control for password reset
Moderate
CVE-2024-37897
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Jun 20, 2024
Argo CD's API server does not enforce project sourceNamespaces
Moderate
CVE-2024-31990
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Apr 15, 2024
ZITADEL's actions can overload reserved claims
Moderate
CVE-2024-29892
was published
for
github.com/zitadel/zitadel
(Go)
Mar 28, 2024
Email Validation Bypass And Preventing Sign Up From Email's Owner
Moderate
CVE-2023-6152
was published
for
github.com/grafana/grafana
(Go)
Feb 13, 2024
Buildkit's interactive containers API does not validate entitlements check
Critical
CVE-2024-23653
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
1Panel Arbitrary File Download vulnerability
Moderate
CVE-2023-39965
was published
for
github.com/1Panel-dev/1Panel
(Go)
Aug 10, 2023
Improper configuration of RBAC permissions obtaining cluster control permissions
Critical
CVE-2023-33190
was published
for
github.com/labring/sealos
(Go)
Jun 30, 2023
ProTip!
Advisories are also available from the
GraphQL API