GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
49 advisories
Denied Host Validation Bypass in Zitadel Actions
Moderate
CVE-2024-49753
was published
for
github.com/zitadel/zitadel
(Go)
Oct 25, 2024
Minder trusts client-provided mapping from repo name to upstream ID
Moderate
CVE-2024-27093
was published
for
github.com/stacklok/minder
(Go)
Feb 26, 2024
ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module
Moderate
GHSA-4j93-fm92-rp4m
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Feb 21, 2024
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
Moderate
CVE-2023-47106
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 5, 2023
Vega's validators able to submit duplicate transactions
Moderate
CVE-2023-35163
was published
for
code.vegaprotocol.io/vega
(Go)
Jun 20, 2023
VTAdmin users that can create shards can deny access to other functions
Moderate
CVE-2023-29195
was published
for
vitess.io/vitess
(Go)
May 11, 2023
vitess allows users to create keyspaces that can deny access to already existing keyspaces
Moderate
CVE-2023-29194
was published
for
vitess.io/vitess
(Go)
Apr 11, 2023
fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
Moderate
CVE-2023-27483
was published
for
github.com/crossplane/crossplane-runtime
(Go)
Mar 13, 2023
Crossplane-runtime contains Improper Input Validation via Compositions
Moderate
CVE-2023-27484
was published
for
github.com/crossplane/crossplane
(Go)
Mar 10, 2023
go-ipld-prime/codec/json may panic if asked to encode bytes
Moderate
CVE-2023-22460
was published
for
github.com/ipld/go-ipld-prime
(Go)
Jan 5, 2023
Improper use of metav1.Duration allows for Denial of Service
Moderate
CVE-2022-39272
was published
for
github.com/fluxcd/flux2
(Go)
Oct 19, 2022
ProTip!
Advisories are also available from the
GraphQL API