GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
81 advisories
Filter by severity
Mattermost fails to authenticate the source of certain types of post actions
Moderate
CVE-2024-2447
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
Mattermost Server Improper Access Control
Low
CVE-2024-21848
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
Mattermost allows attackers access to posts in channels they are not a member of
Moderate
CVE-2024-1942
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost fails to properly restrict the access of files attached to posts
Low
CVE-2024-23488
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost fails to check the "invite_guest" permission
Moderate
CVE-2024-1888
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost post fetching without auditing in compliance export
Moderate
CVE-2024-1887
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost fails to check the required permissions
Low
CVE-2024-24776
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 9, 2024
Mattermost viewing archived public channels permissions vulnerability
Moderate
CVE-2023-47858
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Jan 2, 2024
Mattermost allows demoted guests to change group names
Low
CVE-2023-50333
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Jan 2, 2024
Mattermost Improper Access Control vulnerability
Moderate
CVE-2023-6202
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Mattermost Improper Access Control vulnerability
Moderate
CVE-2023-47865
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos
Critical
CVE-2023-4696
was published
for
github.com/usememos/memos
(Go)
Sep 1, 2023
OpenFGA Authorization Bypass
Moderate
CVE-2023-40579
was published
for
github.com/openfga/openfga
(Go)
Aug 25, 2023
Mattermost fails to correctly delete attachments
Low
CVE-2023-4105
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Mattermost does not validate requesting user permissions before updating admin details
Moderate
CVE-2023-4107
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Mattermost fails to check if user is a guest before performing actions on public playbooks
Moderate
CVE-2023-4106
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Grafana has Broken Access Control in Alert manager: Viewer can send test alerts
Moderate
CVE-2023-2183
was published
for
github.com/grafana/grafana
(Go)
Jun 12, 2023
HashiCorp Consul Incorrect Access Control vulnerability
High
CVE-2019-12291
was published
for
github.com/hashicorp/consul
(Go)
Jun 9, 2023
Duplicate Advisory: Grafana Improper Access Control vulnerability
Moderate
GHSA-wm7r-3qxj-5xgq
was published
for
github.com/grafana/grafana
(Go)
Jun 6, 2023
•
withdrawn
kyverno seccomp control can be circumvented
Moderate
CVE-2023-33191
was published
for
github.com/kyverno/kyverno
(Go)
May 25, 2023
Answer contains Improper Access Control vulnerability
Critical
CVE-2023-0744
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
High
CVE-2022-21953
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Privilege escalation in project role template binding (PRTB) and -promoted roles
High
CVE-2022-43759
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
GitOps Run allows for Kubernetes workload injection
High
CVE-2022-23508
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jan 9, 2023
usememos/memos Improper Access Control vulnerability
Moderate
CVE-2022-4806
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
ProTip!
Advisories are also available from the
GraphQL API