Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19 advisories

Loading
Privilege escalation by backend users assigned to the default "Publisher" system role Low
CVE-2020-15248 was published for october/backend (Composer) Nov 23, 2020
Authenticated Privilege Escalation Low
GHSA-5q58-x5h2-v5rx was published for shopware/core (Composer) Dec 21, 2020
Insufficient user authorization in Moodle Low
CVE-2022-0333 was published for moodle/moodle (Composer) Jan 28, 2022
Information leak in Gerrit Low
CVE-2020-8920 was published for com.google.gerrit:gerrit-plugin-api (Maven) May 24, 2022
q5438722
Byobu user preference to prevent private discussions being started are not respected Low
CVE-2022-35921 was published for fof/byobu (Composer) Aug 6, 2022
Incorrect Authorization in Jenkins Core Low
CVE-2023-27903 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
kiwi TCMS has possibility for user to update email address to unverified one Low
CVE-2023-30544 was published for kiwitcms (pip) Apr 24, 2023
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource Low
CVE-2023-3485 was published for go.temporal.io/server (Go) Jun 30, 2023
Mattermost Incorrect Authorization vulnerability Low
CVE-2023-5159 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Mattermost Incorrect Authorization vulnerability Low
CVE-2023-5193 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Backoffice User can bypass "Publish" restriction Low
CVE-2023-48227 was published for Umbraco.CMS (NuGet) Dec 13, 2023
roie-shmuel
Nautobot missing object-level permissions enforcement when running Job Buttons Low
CVE-2023-51649 was published for nautobot (pip) Dec 22, 2023
abdikanipd
changedetection.io API endpoint is not secured with API token Low
CVE-2024-23329 was published for changedetection.io (pip) Jan 23, 2024
rozpuszczalny
Mattermost Jira Plugin does not properly check security levels Low
CVE-2024-24774 was published for github.com/mattermost/mattermost-plugin-jira (Go) Feb 9, 2024
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service Low
CVE-2024-27086 was published for Microsoft.Identity.Client (NuGet) Apr 16, 2024
localden bgavrilMS
gladjohn pmaytak jmprieur christothes ntc-swiss-team
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services Low
CVE-2024-39324 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
Information Disclosure in TYPO3 Page Tree Low
CVE-2024-47780 was published for typo3/cms-backend (Composer) Oct 8, 2024
ohader jpmschuler
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API Low
CVE-2024-48925 was published for Umbraco.CMS (NuGet) Oct 22, 2024
thanhlam-attt
Moodle's user/power level management inconsistent with suspended users Low
CVE-2024-43433 was published for moodle/moodle (Composer) Nov 11, 2024
ProTip! Advisories are also available from the GraphQL API