Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

Loading
Denied Host Validation Bypass in Zitadel Actions Moderate
CVE-2024-49753 was published for github.com/zitadel/zitadel (Go) Oct 25, 2024
prdp1137 livio-a
fforootd
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation High
CVE-2024-47060 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
prdp1137 livio-a
fforootd
ZITADEL's Service Users Deactivation not Working High
CVE-2024-47000 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
livio-a fforootd
ZITADEL's User Grant Deactivation not Working High
CVE-2024-46999 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
livio-a fforootd
ZITADEL "ignoring unknown usernames" vulnerability Moderate
CVE-2024-41952 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024
livio-a
ZITADEL has improper HTML sanitization in emails and Console UI Moderate
CVE-2024-41953 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024
livio-a
ZITADEL Go's GRPC example code vulnerability - GO-2024-2687 HTTP/2 CONTINUATION flood in net/http Moderate
GHSA-qc6v-5g5m-8cw2 was published for github.com/zitadel/zitadel-go/v3 (Go) Jul 15, 2024
helpisdev livio-a
ZITADEL Vulnerable to Session Information Leakage Moderate
CVE-2024-39683 was published for github.com/zitadel/zitadel (Go) Jul 5, 2024
cybertransformer livio-a
fforootd Avolicious AmirhoseinBrz srividyaj
Zitadel exposing internal database user name and host information Moderate
CVE-2024-32967 was published for github.com/zitadel/zitadel (Go) May 1, 2024
stiwari99 fforootd
livio-a
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass High
CVE-2024-32868 was published for github.com/zitadel/zitadel (Go) Apr 25, 2024
livio-a Skelmis
itz-d0dgy amit-laish muhlemmer peintnermax
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass High
CVE-2024-29891 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
amit-laish fforootd
livio-a adlerhurst
ZITADEL's actions can overload reserved claims High
CVE-2024-29892 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
schettn fforootd
adlerhurst livio-a
ZITADEL Account Takeover via Malicious Host Header Injection High
CVE-2023-49097 was published for github.com/zitadel/zitadel (Go) Nov 29, 2023
eliobischof livio-a
amit-laish
ZITADEL race condition in lockout policy execution High
CVE-2023-47111 was published for github.com/zitadel/zitadel (Go) Nov 8, 2023
itz-d0dgy livio-a
ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting Moderate
CVE-2023-44399 was published for github.com/zitadel/zitadel (Go) Oct 10, 2023
hoseph livio-a
fforootd adlerhurst
ProTip! Advisories are also available from the GraphQL API