GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to Moderate
CVE-2024-39691 was published for matrix-appservice-irc (npm) Jul 5, 2024
progval
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings` Moderate
CVE-2024-35228 was published for wagtail (pip) Jun 2, 2024
engineervix gasman RealOrangeOne
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects Moderate
CVE-2024-36112 was published for nautobot (pip) May 29, 2024
Matrix IRC Bridge truncated content of messages can be leaked Moderate
CVE-2024-32000 was published for matrix-appservice-irc (npm) Apr 11, 2024
progval
Apiman vulnerable to permissions bypass due to missing check on API key URL Moderate
CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Mar 27, 2023
volkflo
`cilium-cli` disables etcd authorization for clustermesh clusters Moderate
CVE-2023-28114 was published for github.com/cilium/cilium-cli (Go) Mar 21, 2023
giorio94
usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges Moderate
CVE-2022-4863 was published for github.com/usememos/memos (Go) Dec 30, 2022
Missing permissions check in Liferay Portal Moderate
CVE-2022-42126 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Missing permissions check in Jenkins Core Moderate
CVE-2016-3725 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java Moderate
CVE-2022-21363 was published for mysql:mysql-connector-java (Maven) Jan 20, 2022