Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

122 advisories

Loading
MoinMoin Access Restrictions Bypassed due to improper ACL enforcement High
CVE-2008-6603 was published for moin (pip) May 17, 2022
MoinMoin vulnerable to privilege escalation High
CVE-2008-1937 was published for moin (pip) May 1, 2022
Lunary improper access control vulnerability High
CVE-2024-6087 was published for lunary (npm) Sep 13, 2024
Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams High
CVE-2024-42497 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost allows remote actor to create/update/delete posts in arbitrary channels High
CVE-2024-41144 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users High
CVE-2024-39943 was published for hfs (npm) Jul 5, 2024
Directus incorrectly handles `_in` filter High
CVE-2024-39701 was published for directus (npm) Jul 8, 2024
adelinn
Mattermost fails to authenticate the source of certain types of post actions High
CVE-2024-2447 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
Mattermost post fetching without auditing in compliance export High
CVE-2024-1887 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
ZenML Server Remote Privilege Escalation Vulnerability High
CVE-2024-25723 was published for zenml (pip) Feb 27, 2024
hahwul
Django Access Restrictions Bypass High
CVE-2016-2048 was published for django (pip) May 17, 2022
MarkLee131
Incorrect Authorization in calibreweb High
CVE-2022-0273 was published for calibreweb (pip) Jan 31, 2022
Improper Access Control in Apache Airflow High
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
sunSUNQ
RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission High
CVE-2024-51988 was published for rabbit_common (Erlang) Nov 6, 2024
bedla anhanhnguyen
michaelklishin
Studio 42 elFinder vulnerable to Incorrect Access Control High
CVE-2024-38909 was published for studio-42/elfinder (Composer) Jul 30, 2024
Improper Input Validation in sopel-plugins.channelmgnt High
CVE-2021-21431 was published for sopel-plugins.channelmgnt (pip) Apr 9, 2021
slixmpp Incorrect Access Control High
CVE-2019-1000021 was published for slixmpp (pip) May 13, 2022
Salt Improper Access Control High
CVE-2016-1866 was published for salt (pip) May 14, 2022
Plone unauthorized member addition vulnerability High
CVE-2015-7315 was published for Plone (pip) May 17, 2022
Plone Unauthorized Access Vulnerability High
CVE-2017-1000483 was published for Plone (pip) May 13, 2022
Plone Unrestricted Filed Manipulation vulnerability via content edit forms High
CVE-2013-4193 was published for plone (pip) May 17, 2022
Plone Improper Access Control Vulnerability High
CVE-2013-4197 was published for plone (pip) May 17, 2022
Improper Access Control in pyftpdlib High
CVE-2009-5012 was published for pyftpdlib (pip) May 2, 2022
Magento Open Source Improper Access Control vulnerability High
CVE-2024-45118 was published for magento/community-edition (Composer) Oct 10, 2024
ProTip! Advisories are also available from the GraphQL API