Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

Loading
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials Moderate
CVE-2024-45042 was published for github.com/ory/kratos (Go) Sep 26, 2024
SFTPGo has insufficient access control for password reset Moderate
CVE-2024-37897 was published for github.com/drakkan/sftpgo/v2 (Go) Jun 20, 2024
t7tran
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass Moderate
CVE-2024-32868 was published for github.com/zitadel/zitadel (Go) Apr 25, 2024
livio-a Skelmis
itz-d0dgy amit-laish muhlemmer peintnermax
Grafana when using email as a username can block other users from signing in Moderate
CVE-2022-39229 was published for github.com/grafana/grafana (Go) May 14, 2024
Authentik vulnerable to PKCE downgrade attack Moderate
CVE-2024-23647 was published for goauthentik.io (Go) Jan 29, 2024
pieterphilippaerts
Skupper uses a static cookie secret for the openshift oauth-proxy Moderate
CVE-2024-6535 was published for github.com/skupperproject/skupper (Go) Jul 17, 2024
PocketBase performs password auth and OAuth2 unverified email linking Moderate
CVE-2024-38351 was published for github.com/pocketbase/pocketbase (Go) Jun 18, 2024
dalurness
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records Moderate
CVE-2020-15136 was published for go.etcd.io/etcd (Go) Jan 31, 2024
Prometheus Exporter-Toolkit is vulnerable to authentication bypass Moderate
CVE-2022-46146 was published for github.com/prometheus/exporter-toolkit (Go) Dec 2, 2022
Dapr API token authentication bypass in HTTP endpoints Moderate
CVE-2023-37918 was published for github.com/dapr/dapr (Go) Jul 21, 2023
ItalyPaleAle
Limited ability to spoof SAML authentication with missing audience verification in Fleet Moderate
CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) Feb 7, 2022
iangcarroll
usememos/memos Improper Authentication vulnerability Moderate
CVE-2022-4799 was published for github.com/usememos/memos (Go) Dec 28, 2022
Kiali Authentication Bypass vulnerability Moderate
CVE-2021-20278 was published for github.com/kiali/kiali (Go) Jun 1, 2021
"catalog's registry v2 api exposed on unauthenticated path in Harbor" Moderate
CVE-2020-29662 was published for github.com/goharbor/harbor (Go) Feb 12, 2022
ProTip! Advisories are also available from the GraphQL API