Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

136 advisories

Loading
gitsign may use incorrect Rekor entries during verification Low
CVE-2024-51746 was published for github.com/sigstore/gitsign (Go) Nov 5, 2024
adityasaky
LocalAI Cross-site Scripting vulnerability Low
CVE-2024-48057 was published for github.com/mudler/LocalAI (Go) Nov 5, 2024
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations Low
CVE-2024-51744 was published for github.com/golang-jwt/jwt/v4 (Go) Nov 4, 2024
yuligesec
Grafana org admin can delete pending invites in different org Low
CVE-2024-10452 was published for github.com/grafana/grafana (Go) Oct 29, 2024
Mattermost incorrectly issues two sessions when using desktop SSO Low
CVE-2024-10214 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 28, 2024
AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers Low
GHSA-rjfv-pjvx-mjgv was published for sigs.k8s.io/aws-load-balancer-controller (Go) Oct 24, 2024
SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not Low
CVE-2024-48909 was published for github.com/authzed/spicedb (Go) Oct 14, 2024
Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly Low
GHSA-vv6c-69r6-chg9 was published for github.com/landlock-lsm/go-landlock (Go) Oct 14, 2024
Dozzle uses unsafe hash for passwords Low
CVE-2024-47182 was published for github.com/amir20/dozzle (Go) Oct 9, 2024
mohammed90
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8 Low
GHSA-wpr2-j6gr-pjw9 was published for github.com/opentofu/opentofu (Go) Oct 3, 2024
Path traversal vulnerability in stripe-cli Low
CVE-2024-45401 was published for github.com/stripe/stripe-cli (Go) Sep 5, 2024
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack Low
CVE-2024-45395 was published for github.com/sigstore/sigstore-go (Go) Sep 4, 2024
AdamKorcz codysoyland
CometBFT's state syncing validator from malicious node may lead to a chain split Low
GHSA-g5xx-c4hv-9ccc was published for github.com/cometbft/cometbft (Go) Sep 3, 2024
Trufflehog vulnerable to Blind SSRF in some Detectors Low
CVE-2024-43379 was published for github.com/trufflesecurity/trufflehog/v3 (Go) Aug 19, 2024
abankalarm
snapd failed to properly check the destination of symbolic links when extracting a snap Low
CVE-2024-29069 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims Low
CVE-2024-5798 was published for github.com/hashicorp/vault (Go) Jun 12, 2024
`docker cp` allows unexpected chmod of host files in Moby Docker Engine Low
CVE-2021-41089 was published for github.com/docker/docker (Go) Jun 10, 2024
LevanaXr ssst0n3
evmos allows transferring unvested tokens after delegations Low
CVE-2024-32873 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
SQL Injection in Harbor scan log API Low
CVE-2024-22261 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
github.com/huandu/facebook may expose access_token in error message. Low
CVE-2024-35232 was published for github.com/huandu/facebook/v2 (Go) May 24, 2024
seiyab
github.com/bincyber/go-sqlcrypter vulnerable to IV collision Low
GHSA-2j6r-9vv4-6gf5 was published for github.com/bincyber/go-sqlcrypter (Go) May 20, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources Low
CVE-2022-21673 was published for github.com/grafana/grafana (Go) May 14, 2024
mxalis
containerd started with non-empty inheritable Linux process capabilities Low
GHSA-c9cp-9c75-9v8c was published for github.com/containerd/containerd (Go) May 14, 2024
NATS server TLS missing ciphersuite settings when CLI flags used Low
CVE-2021-32026 was published for github.com/nats-io/nats-server/v2 (Go) May 14, 2024
lukas-braune
ProTip! Advisories are also available from the GraphQL API