Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24 advisories

Loading
Duplicate Advisory: Authorization Bypass in OPC UA .NET Standard Stack High
GHSA-qv5f-57gw-vx3h was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025 withdrawn
Distribution's token authentication allows to inject an untrusted signing key in a JWT High
CVE-2025-24976 was published for github.com/distribution/distribution/v3 (Go) Feb 11, 2025
evanebb
Sentry improperly authorizes deletion of user issue alert notifications High
CVE-2024-45605 was published for sentry (pip) Sep 17, 2024
javeedsk8341
Grafana: Users outside an organization can delete a snapshot with its key High
CVE-2024-1313 was published for github.com/grafana/grafana (Go) Apr 5, 2024
jaypanu42 PlayerX555
aviv320i
Sentry improperly authorizes muting of alert rules High
CVE-2024-45606 was published for sentry (pip) Sep 17, 2024
emanuelbeni
Keylime registrar and (untrusted) Agent can be bypassed by an attacker High
CVE-2023-38201 was published for keylime (pip) Sep 6, 2023
Next.js Cache Poisoning High
CVE-2024-46982 was published for next (npm) Sep 17, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes High
CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go) Jul 5, 2024
MWedl
Sylius has a security vulnerability via adjustments API endpoint High
CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation High
CVE-2024-29194 was published for @oneuptime/common-server (npm) Mar 25, 2024
saunders-jake
Magento 2 Community Edition IDOR Vulnerability High
CVE-2019-7854 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability High
CVE-2019-7890 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Access Control Bypass High
CVE-2019-7950 was published for magento/community-edition (Composer) May 24, 2022
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
Netmaker IDOR Allows User to Update Other User's Password High
CVE-2023-32078 was published for github.com/gravitl/netmaker (Go) Aug 25, 2023
rootxharsh iamnoooob
DataEase API interface has IDOR vulnerability High
CVE-2023-32310 was published for io.dataease:dataease-plugin-common (Maven) Jun 2, 2023
lujiefsi
usememos/memos Improper Access Control vulnerability High
CVE-2022-4803 was published for github.com/usememos/memos (Go) Dec 28, 2022
Machine-In-The-Middle in lix High
CVE-2020-10800 was published for lix (npm) Apr 16, 2020
Authorization Bypass in parse-path High
CVE-2022-0624 was published for parse-path (npm) Jun 29, 2022
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS High
CVE-2021-41120 was published for sylius/paypal-plugin (Composer) Oct 6, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed High
CVE-2018-1000210 was published for YamlDotNet (NuGet) Oct 16, 2018
ProTip! Advisories are also available from the GraphQL API