GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
38 advisories
Filter by severity
Mattermost Server allows user to get private channel names
Moderate
CVE-2024-10241
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Vulnerable juju hook tool abstract UNIX domain socket
Moderate
CVE-2024-8037
was published
for
github.com/juju/juju
(Go)
Oct 3, 2024
Mattermost doesn't restrict which roles can promote a user as system admin
Moderate
CVE-2024-8071
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost doesn't redact remote users' original email addresses
Moderate
CVE-2024-32939
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost allows guest user with read access to upload files to a channel
Moderate
CVE-2024-43780
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams
Moderate
CVE-2024-42497
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Path traversal allows leaking out-of-bound files from Argo CD repo-server
Moderate
CVE-2022-24731
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Mattermost allows remote actor to create/update/delete posts in arbitrary channels
Moderate
CVE-2024-41144
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows a remote actor to make an arbitrary local channel read-only
Moderate
CVE-2024-41162
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost allows a user on a remote to set their remote username prop to an arbitrary string
Moderate
CVE-2024-39839
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Mattermost Server Improper Access Control
Moderate
CVE-2024-29221
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
Mattermost allows attackers access to posts in channels they are not a member of
Moderate
CVE-2024-1942
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost post fetching without auditing in compliance export
Moderate
CVE-2024-1887
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost fails to check the "invite_guest" permission
Moderate
CVE-2024-1888
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost viewing archived public channels permissions vulnerability
Moderate
CVE-2023-47858
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Jan 2, 2024
Mattermost fails to authenticate the source of certain types of post actions
Moderate
CVE-2024-2447
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Moderate
CVE-2024-34068
was published
for
github.com/pterodactyl/wings
(Go)
May 3, 2024
OpenFGA Authorization Bypass
Moderate
CVE-2023-40579
was published
for
github.com/openfga/openfga
(Go)
Aug 25, 2023
Gitea Arbitrary File Delete Vulnerability
Moderate
CVE-2019-1000002
was published
for
code.gitea.io/gitea
(Go)
May 13, 2022
Mattermost Improper Access Control vulnerability
Moderate
CVE-2023-6202
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Mattermost Improper Access Control vulnerability
Moderate
CVE-2023-47865
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Duplicate Advisory: Grafana Improper Access Control vulnerability
Moderate
GHSA-wm7r-3qxj-5xgq
was published
for
github.com/grafana/grafana
(Go)
Jun 6, 2023
•
withdrawn
Mattermost fails to check if user is a guest before performing actions on public playbooks
Moderate
CVE-2023-4106
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Mattermost does not validate requesting user permissions before updating admin details
Moderate
CVE-2023-4107
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
kyverno seccomp control can be circumvented
Moderate
CVE-2023-33191
was published
for
github.com/kyverno/kyverno
(Go)
May 25, 2023
ProTip!
Advisories are also available from the
GraphQL API