GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24 advisories

OctoPrint has API key access in settings without reauthentication Moderate
CVE-2024-51493 was published for OctoPrint (pip) Nov 5, 2024
jacopotediosi
Synapse's unauthenticated writes to the media repository allow planting of problematic content Moderate
CVE-2024-37303 was published for matrix-synapse (pip) Dec 3, 2024
Mautic has insufficient authentication in upgrade flow Moderate
CVE-2024-47051 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz patrykgruszka
Missing permission check in Jenkins Script Security Plugin Moderate
CVE-2024-52549 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 13, 2024
Improper Access Control in Onionshare Moderate
CVE-2022-21691 was published for onionshare-cli (pip) Jan 21, 2022
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Missing Authorization in Apache Airflow Moderate
CVE-2021-35936 was published for apache-airflow (pip) Aug 30, 2021
sunSUNQ
Navidrome uses MD5 hashing algorithm Moderate
CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) Aug 1, 2024
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
Improper Authentication in Apache ActiveMQ Moderate
CVE-2020-13920 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records Moderate
CVE-2020-15136 was published for go.etcd.io/etcd (Go) Jan 31, 2024
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36884 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ Moderate
CVE-2015-7559 was published for org.apache.activemq:activemq-client (Maven) Aug 1, 2019
sunSUNQ
cross-site inclusion (XSSI) of files in jupyter-server Moderate
CVE-2023-40170 was published for jupyter-server (pip) Aug 29, 2023
Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy Moderate
CVE-2023-41333 was published for github.com/cilium/cilium (Go) Sep 27, 2023
odinuge
Openstack tripleo-heat-templates unauthenticated file access Moderate
CVE-2017-12155 was published for tripleo-heat-templates (pip) May 13, 2022
Denial of service in Grafana Moderate
CVE-2021-27358 was published for github.com/grafana/grafana (Go) Feb 15, 2022
Keycloak Missing authentication for critical function Moderate
CVE-2021-20262 was published for org.keycloak:keycloak-core (Maven) Mar 12, 2021
Unauthenticated user can list hidden document from multiple velocity templates in XWiki Moderate
CVE-2022-24820 was published for org.xwiki.platform:xwiki-platform-web (Maven) Apr 8, 2022
Missing Role Based Access Control for the REST handlers in bleve/http package Moderate
CVE-2022-31022 was published for github.com/blevesearch/bleve (Go) Jun 3, 2022
Missing Authentication for Critical Function Moderate
CVE-2021-32709 was published for shopware/platform (Composer) Jun 29, 2021
Automatic room upgrade handling can be used maliciously to bridge a room non-consentually Moderate
CVE-2021-32659 was published for matrix-appservice-bridge (npm) Jun 21, 2021
Missing Authentication for Critical Function in Saleor Moderate
CVE-2020-7964 was published for saleor (pip) Jul 28, 2021
Missing Authentication for Critical Function in LibreNMS Moderate
CVE-2019-10668 was published for librenms/librenms (Composer) Oct 11, 2019