Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

46 advisories

Loading
Harbor fails to validate the user permissions when updating p2p preheat policies High
CVE-2022-31668 was published for github.com/goharbor/harbor (Go) Nov 14, 2024
Kyverno's PolicyException objects can be created in any namespace by default High
CVE-2024-48921 was published for github.com/kyverno/kyverno (Go) Oct 29, 2024
jeidsath
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission Moderate
CVE-2024-46989 was published for github.com/authzed/spicedb (Go) Sep 18, 2024
tim-mod
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability Moderate
CVE-2024-45043 was published for github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver (Go) Aug 29, 2024
DouglasHeriot Aneurysm9
arminru
Hyperledger Fabric does not verify request has a timestamp within the expected time window Moderate
CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints Critical
CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
m2a2
OpenFGA Authorization Bypass High
CVE-2024-42473 was published for github.com/openfga/openfga (Go) Aug 9, 2024
sidneibjunior
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims Low
CVE-2024-5798 was published for github.com/hashicorp/vault (Go) Jun 12, 2024
Evmos allows unvested token delegations Moderate
CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
OpenFGA Authorization Bypass High
CVE-2024-31452 was published for github.com/openfga/openfga (Go) Apr 16, 2024
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers High
CVE-2023-3518 was published for github.com/hashicorp/consul (Go) Aug 9, 2023
anonymous4ACL24
Kyverno resource with a deletionTimestamp may allow policy circumvention Moderate
CVE-2023-34091 was published for github.com/kyverno/kyverno (Go) Jun 5, 2023
bburky
Pomerium vulnerable to Incorrect Authorization with specially crafted requests Critical
CVE-2023-33189 was published for github.com/pomerium/pomerium (Go) May 26, 2023
nonsleepr
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation High
CVE-2023-1782 was published for github.com/hashicorp/nomad (Go) Apr 5, 2023
HashiCorp Vault's PKI mount vulnerable to denial of service Moderate
CVE-2023-0665 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
Potential network policy bypass when routing IPv6 traffic Moderate
CVE-2023-27594 was published for github.com/cilium/cilium (Go) Mar 17, 2023
ysksuzuki
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster High
CVE-2022-21953 was published for github.com/rancher/rancher (Go) Jan 25, 2023
KubeOperator allows unauthorized access to system API High
CVE-2023-22480 was published for github.com/KubeOperator/KubeOperator (Go) Jan 9, 2023
suanve
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4811 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos vulnerable to Improper Authorization Moderate
CVE-2022-4802 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4798 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4804 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos vulnerable to improper authorization High
CVE-2022-4688 was published for github.com/usememos/memos (Go) Dec 23, 2022
OpenFGA Authorization Bypass High
CVE-2022-23542 was published for github.com/openfga/openfga (Go) Dec 20, 2022
ProTip! Advisories are also available from the GraphQL API