GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
2,061 advisories
Argo Workflows Controller: Denial of Service via malicious daemon Workflows
Moderate
CVE-2024-47827
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Oct 28, 2024
Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers
Critical
GHSA-rc7v-65v6-m2v3
was published
for
github.com/go-mysql-org/go-mysql
(Go)
Oct 28, 2024
•
withdrawn
github.com/crossplane/crossplane: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
Critical
GHSA-7h65-4p22-39j6
was published
for
github.com/crossplane/crossplane
(Go)
Oct 25, 2024
User Registration Bypass in Zitadel
High
CVE-2024-49757
was published
for
github.com/zitadel/zitadel
(Go)
Oct 25, 2024
Denied Host Validation Bypass in Zitadel Actions
Moderate
CVE-2024-49753
was published
for
github.com/zitadel/zitadel
(Go)
Oct 25, 2024
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present
Moderate
CVE-2024-47825
was published
for
github.com/cilium/cilium
(Go)
Oct 21, 2024
Grafana Command Injection And Local File Inclusion Via Sql Expressions
Critical
CVE-2024-9264
was published
for
github.com/grafana/grafana
(Go)
Oct 18, 2024
KubeSphere IDOR vulnerability
Moderate
CVE-2024-46528
was published
for
github.com/kubesphere/kubesphere
(Go)
Oct 14, 2024
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Moderate
CVE-2024-47877
was published
for
github.com/codeclysm/extract
(Go)
Oct 11, 2024
SSOReady has an XML Signature Bypass via differential XML parsing
Critical
CVE-2024-47832
was published
for
github.com/ssoready/ssoready
(Go)
Oct 11, 2024
ProTip!
Advisories are also available from the
GraphQL API