
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8,774 advisories

btcd susceptible to consensus failures Moderate
CVE-2024-34478 was published for github.com/btcsuite/btcd (Go) May 5, 2024
Argo CD leaks repository credentials in user-facing error messages and in logs Moderate
CVE-2023-25163 was published for github.com/argoproj/argo-cd (Go) Feb 8, 2023
Path traversal allows leaking out-of-bound files from Argo CD repo-server Moderate
CVE-2022-24731 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt
Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2 Moderate
CVE-2021-23347 was published for github.com/argoproj/argo-cd/v2 (Go) May 21, 2021
Pulp incorrectly assigns RBAC permissions in tasks that create objects Moderate
CVE-2024-7143 was published for pulpcore (pip) Aug 7, 2024
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle westonsteimel
In regclient, pinned manifest digests may be ignored Moderate
GHSA-qv35-3gw6-8q4j was published for github.com/regclient/regclient (Go) Aug 5, 2024
APM Server vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2024-37286 was published for github.com/elastic/apm-server (Go) Aug 3, 2024
Podman vulnerable to memory-based denial of service Moderate
CVE-2024-3056 was published for github.com/containers/podman (Go) Aug 2, 2024
Navidrome uses MD5 hashing algorithm Moderate
CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) Aug 1, 2024
casdoor's use of `ssh.InsecureIgnoreHostKey()` disables host key verification Moderate
CVE-2024-41264 was published for github.com/casdoor/casdoor (Go) Aug 1, 2024
Mattermost allows remote actor to create/update/delete posts in arbitrary channels Moderate
CVE-2024-41144 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows a remote actor to make an arbitrary local channel read-only Moderate
CVE-2024-41162 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling Moderate
CVE-2024-39832 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Mattermost allows a user on a remote to set their remote username prop to an arbitrary string Moderate
CVE-2024-39839 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Django vulnerable to denial-of-service attack Moderate
CVE-2024-41991 was published for Django (pip) Aug 7, 2024
Django vulnerable to a denial-of-service attack Moderate
CVE-2024-41990 was published for Django (pip) Aug 7, 2024
Django memory consumption vulnerability Moderate
CVE-2024-41989 was published for Django (pip) Aug 7, 2024
Jenkins does not perform a permission check in an HTTP endpoint Moderate
CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
Magento Open Source Incorrect Authorization vulnerability Moderate
CVE-2024-34106 was published for magento/community-edition (Composer) Jun 13, 2024
Magento Open Source Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-34105 was published for magento/community-edition (Composer) Jun 13, 2024
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability Moderate
CVE-2024-34111 was published for magento/community-edition (Composer) Jun 13, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-34107 was published for magento/community-edition (Composer) Jun 13, 2024
ZITADEL has improper HTML sanitization in emails and Console UI Moderate
CVE-2024-41953 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024
livio-a
ZITADEL "ignoring unknown usernames" vulnerability Moderate
CVE-2024-41952 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024
livio-a
ProTip! Advisories are also available from the GraphQL API