Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9 advisories

Loading
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass High
CVE-2024-29891 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
amit-laish fforootd
livio-a adlerhurst
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability High
CVE-2024-22393 was published for github.com/apache/incubator-answer (Go) Feb 22, 2024
alist Incorrect Access Control vulnerability High
CVE-2023-33498 was published for github.com/alist-org/alist/v3 (Go) Jun 7, 2023
sjqzhang go-fastdfs vulnerable to path traversal Critical
CVE-2023-1800 was published for github.com/sjqzhang/go-fastdfs (Go) Apr 2, 2023
act vulnerable to arbitrary file upload in artifact server High
CVE-2023-22726 was published for github.com/nektos/act (Go) Jan 20, 2023
AList vulnerable to Improper Preservation of Permissions High
CVE-2022-45968 was published for github.com/alist-org/alist/v3 (Go) Dec 12, 2022
Mattermost subject to Denial of Service via upload of special GIF Moderate
CVE-2022-3257 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 25, 2022
hod-alpert
Arbitrary command execution in Minidoc High
CVE-2022-29637 was published for github.com/mindoc-org/mindoc (Go) May 27, 2022
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
ProTip! Advisories are also available from the GraphQL API