GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,089
Erlang
29
GitHub Actions
19
Go
1,910
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
81 advisories
Filter by severity
Mattermost allows guest user with read access to upload files to a channel
Moderate
CVE-2024-43780
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams
Moderate
CVE-2024-42497
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL
Low
CVE-2024-40884
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost doesn't redact remote users' original email addresses
Moderate
CVE-2024-32939
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost doesn't restrict which roles can promote a user as system admin
Moderate
CVE-2024-8071
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
RBAC Roles for `etcd` created by Kamaji are not disjunct
High
CVE-2024-42480
was published
for
github.com/clastix/kamaji
(Go)
Aug 12, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
Mattermost allows unsolicited invites to expose access to local channels
High
CVE-2024-39777
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Low
CVE-2024-41926
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows a user on a remote to set their remote username prop to an arbitrary string
Moderate
CVE-2024-39839
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows a remote actor to make an arbitrary local channel read-only
Moderate
CVE-2024-41162
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost did not properly restrict channel creation
Low
CVE-2024-39837
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows remote actor to create/update/delete posts in arbitrary channels
Moderate
CVE-2024-41144
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost failed to properly validate synced reactions
Low
CVE-2024-29977
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost failed to disallow the modification of local users when syncing users in shared channels
High
CVE-2024-36492
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel
High
CVE-2024-39274
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Moderate
CVE-2024-34068
was published
for
github.com/pterodactyl/wings
(Go)
May 3, 2024
karmada vulnerable to arbitrary code execution via a crafted command
High
CVE-2024-33396
was published
for
github.com/karmada-io/karmada
(Go)
May 2, 2024
Mattermost allows team admins to promote guests to team admins
Low
CVE-2024-4195
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Mattermost fails to fully validate role changes
Low
CVE-2024-4198
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Rancher's Steve API Component Improper authorization check allows privilege escalation
High
CVE-2021-36776
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
High
CVE-2021-36775
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Improper Access Control in Gitea
Critical
CVE-2020-28991
was published
for
github.com/go-gitea/gitea
(Go)
Apr 24, 2024
Access Restriction Bypass in go-ipfs
High
CVE-2020-10937
was published
for
github.com/ipfs/go-ipfs
(Go)
Apr 24, 2024
Mattermost fails to authenticate the source of certain types of post actions
Moderate
CVE-2024-2447
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
ProTip!
Advisories are also available from the
GraphQL API