Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,504 advisories

Loading
Mattermost allows attackers access to posts in channels they are not a member of Moderate
CVE-2024-1942 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost fails to properly restrict the access of files attached to posts Low
CVE-2024-23488 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost Cross-site Scripting vulnerability Low
CVE-2023-7113 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 29, 2023
Mattermost allows demoted guests to change group names Low
CVE-2023-50333 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 2, 2024
Grafana Race condition allowing privilege escalation Critical
CVE-2022-39328 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins Moderate
CVE-2022-31130 was published for github.com/grafana/grafana (Go) May 14, 2024
joaxcar
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources High
CVE-2021-25318 was published for github.com/rancher/rancher (Go) Apr 24, 2024
Grafana when using email as a username can block other users from signing in Moderate
CVE-2022-39229 was published for github.com/grafana/grafana (Go) May 14, 2024
Mattermost notified all users in the channel when using WebSockets to respond individually Moderate
CVE-2023-48732 was published for github.com/mattermost/mattermost-server/v6 (Go) Jan 2, 2024
Grafana Spoofing originalUrl of snapshots Moderate
CVE-2022-39324 was published for github.com/grafana/grafana (Go) May 14, 2024
r3kumar
LocalAI path traversal vulnerability High
CVE-2024-5182 was published for github.com/go-skynet/LocalAI (Go) Jun 20, 2024
Mattermost fails to check the required permissions Low
CVE-2024-24776 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 9, 2024
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF High
CVE-2024-23828 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024
Elleuch-x1 0xJacky
Grafana folders admin only permission privilege escalation High
CVE-2022-36062 was published for github.com/grafana/grafana (Go) May 14, 2024
Zitadel exposing internal database user name and host information Moderate
CVE-2024-32967 was published for github.com/zitadel/zitadel (Go) May 1, 2024
stiwari99 fforootd
livio-a
Grafana account takeover via OAuth vulnerability High
CVE-2022-31107 was published for github.com/grafana/grafana (Go) May 14, 2024
Mattermost fails to check the "invite_guest" permission Moderate
CVE-2024-1888 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost viewing archived public channels permissions vulnerability Moderate
CVE-2023-47858 was published for github.com/mattermost/mattermost-server/v6 (Go) Jan 2, 2024
CubeFS leaks magic secret key when starting Blobstore access service Moderate
CVE-2023-46741 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
CubeFS leaks users key in logs Moderate
CVE-2023-46742 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
LocalAI Command Injection in audioToWav Critical
CVE-2024-2029 was published for github.com/go-skynet/LocalAI (Go) Apr 10, 2024
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication High
CVE-2021-36775 was published for github.com/rancher/rancher (Go) Apr 24, 2024
Rancher Privilege escalation vulnerability via malicious "Connection" header High
CVE-2021-31999 was published for github.com/rancher/rancher (Go) Apr 24, 2024
mattmoyer enj
Rancher's Steve API Component Improper authorization check allows privilege escalation High
CVE-2021-36776 was published for github.com/rancher/rancher (Go) Apr 24, 2024
Grafana XSS via a query alias for the ElasticSearch datasource Moderate
CVE-2020-24303 was published for github.com/grafana/grafana (Go) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database