Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

96 advisories

Loading
Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3) High
CVE-2024-54131 was published for github.com/kolide/launcher (Go) Dec 3, 2024
MLflow's excessive directory permissions allow local privilege escalation High
CVE-2024-27134 was published for mlflow (pip) Nov 25, 2024
Moodle IDOR when deleting OAuth2 linked accounts Moderate
CVE-2024-45690 was published for moodle/moodle (Composer) Nov 20, 2024
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin High
CVE-2024-52551 was published for org.jenkinsci.plugins:pipeline-model-parent (Maven) Nov 13, 2024
Moodle has insufficient access control Low
CVE-2024-43430 was published for moodle/moodle (Composer) Nov 11, 2024
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present Moderate
CVE-2024-47825 was published for github.com/cilium/cilium (Go) Oct 21, 2024
christarazi
request_store has Incorrect Default Permissions Moderate
CVE-2024-43791 was published for request_store (RubyGems) Aug 23, 2024
G-Rath
Improper Preservation of Permissions in xxl-job High
CVE-2024-42681 was published for com.xuxueli:xxl-job-core (Maven) Aug 15, 2024
Kubean vulnerable to cluster-level privilege escalation High
CVE-2024-41820 was published for github.com/kubean-io/kubean (Go) Aug 5, 2024
younaman
Kubernetes sets incorrect permissions on Windows containers logs High
CVE-2024-5321 was published for k8s.io/kubernetes (Go) Jul 18, 2024
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console Low
CVE-2024-5967 was published for org.keycloak:keycloak-ldap-federation (Maven) Jun 21, 2024
MarkLee131
Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials Low
GHSA-gmrm-8fx4-66x7 was published for org.keycloak:keycloak-core (Maven) Jun 18, 2024 withdrawn
langchain_experimental Code Execution via Python REPL access High
CVE-2024-38459 was published for langchain-experimental (pip) Jun 16, 2024
Kaminari Insecure File Permissions Vulnerability Moderate
CVE-2024-32978 was published for kaminari (RubyGems) May 28, 2024
G-Rath
Mautic Sensitive Data Exposure due to inadequate user permission settings High
CVE-2022-25776 was published for mautic/core (Composer) Apr 12, 2024
lenonleite
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. Moderate
CVE-2024-28862 was published for rotp (RubyGems) Mar 18, 2024
G-Rath
Phone information disclosure vulnerability Moderate
CVE-2024-22889 was published for Plone (pip) Mar 6, 2024
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users Moderate
CVE-2024-26280 was published for apache-airflow (pip) Mar 1, 2024
oscerd sunSUNQ
Pkg Local Privilege Escalation Moderate
CVE-2024-24828 was published for pkg (npm) Feb 9, 2024
TomiBelan
Apache Superset has Incorrect Default Permissions Moderate
CVE-2023-42501 was published for apache-superset (pip) Nov 27, 2023
Jenkins temporary plugin file created with insecure permissions High
CVE-2023-43496 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 20, 2023
Missing "--allow-net" permission check for built-in Node modules High
CVE-2023-33966 was published for deno (Rust) May 31, 2023
sylc
nfpm has incorrect default permissions High
CVE-2023-32698 was published for github.com/goreleaser/nfpm (Go) May 24, 2023
oCHRISo caarlos0
djgilcrease
Jenkins AppSpider Plugin missing permission check Moderate
CVE-2023-32999 was published for com.rapid7:jenkinsci-appspider-plugin (Maven) May 16, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission checks Moderate
CVE-2023-32996 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
ProTip! Advisories are also available from the GraphQL API