Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

554 advisories

Loading
Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed High
CVE-2022-4147 was published for io.quarkus:quarkus-vertx-http (Maven) Dec 6, 2022
OpenFGA Authorization Bypass via tupleset wildcard Moderate
CVE-2022-39341 was published for github.com/openfga/openfga (Go) Oct 25, 2022
OpenFGA Authorization Bypass Moderate
CVE-2022-39342 was published for github.com/openfga/openfga (Go) Oct 25, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint Moderate
CVE-2022-39340 was published for github.com/openfga/openfga (Go) Oct 25, 2022
Field-level access-control bypass for multiselect field Critical
CVE-2022-39322 was published for @keystone-6/core (npm) Oct 18, 2022
marekryb
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ
Bytebase allows low-privilege users to view admin projects Moderate
CVE-2022-32170 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference High
CVE-2022-31167 was published for org.xwiki.platform:xwiki-platform-security (Maven) Sep 20, 2022
Harbor fails to validate the user permissions when updating a robot account Moderate
CVE-2022-31667 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
andrewpollock
Harbor fails to validate the user permissions when updating tag immutability policies Moderate
CVE-2022-31669 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
michaelkedar
Harbor fails to validate the user permissions when viewing Webhook policies High
CVE-2022-31666 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
andrewpollock
Harbor fails to validate the user permissions when updating tag retention policies High
CVE-2022-31670 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
michaelkedar
XWiki Platform Improper Authorization check for inactive users High
CVE-2022-36090 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 16, 2022
Netmaker vulnerable to Insufficient Granularity of Access Control High
CVE-2022-36110 was published for github.com/gravitl/netmaker (Go) Sep 15, 2022
ProTip! Advisories are also available from the GraphQL API