Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

65 advisories

Loading
Path Traversal in file update API in gogs High
CVE-2024-55947 was published for gogs.io/gogs (Go) Dec 23, 2024
ManassehZhou
Remote Command Execution in file editing in gogs High
CVE-2024-54148 was published for gogs.io/gogs (Go) Dec 23, 2024
ManassehZhou
SiYuan has an arbitrary file read via /api/template/render High
CVE-2024-55657 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SiYuan has an arbitrary file read and path traversal via /api/export/exportResources High
CVE-2024-55658 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SiYuan has an arbitrary file write in the host via /api/asset/upload High
CVE-2024-55659 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
Kubernetes kubelet arbitrary command execution High
CVE-2024-10220 was published for k8s.io/kubernetes (Go) Nov 22, 2024
Unpatched Remote Code Execution in Gogs High
CVE-2024-44625 was published for gogs.io/gogs (Go) Nov 15, 2024
Hashicorp Consul Path Traversal vulnerability High
CVE-2024-10005 was published for github.com/hashicorp/consul (Go) Oct 31, 2024
Adguard Home arbitrary file read vulnerability High
CVE-2024-36814 was published for github.com/AdguardTeam/AdGuardHome (Go) Oct 8, 2024
itz-d0dgy
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) High
CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) Sep 3, 2024
pwntester
Ollama can extract members of a ZIP archive outside of the parent directory High
CVE-2024-45436 was published for github.com/ollama/ollama (Go) Aug 29, 2024
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable High
CVE-2024-41121 was published for go.woodpecker-ci.org/woodpecker (Go) Jul 19, 2024
LocalAI path traversal vulnerability High
CVE-2024-5182 was published for github.com/go-skynet/LocalAI (Go) Jun 20, 2024
Vulnerabilities with the k8sGPT High
GHSA-85rg-8m6h-825p was published for github.com/k8sgpt-ai/k8sgpt (Go) Jun 13, 2024
atul86244
malicious container creates symlink "mtab" on the host External High
CVE-2024-5154 was published for github.com/cri-o/cri-o (Go) Jun 4, 2024
eriksjolund
Stakater Forecastle has a directory traversal vulnerability High
CVE-2023-40297 was published for github.com/stakater/Forecastle (Go) May 15, 2024
github.com/u-root/u-root/pkg/cpio Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2020-7666 was published for github.com/u-root/u-root/pkg/cpio (Go) Apr 24, 2024
gin-vue-admin background arbitrary code coverage vulnerability High
CVE-2024-31457 was published for github.com/flipped-aurora/gin-vue-admin/server (Go) Apr 9, 2024
Container escape at build time High
GHSA-pmf3-c36m-g5cf was published for github.com/containers/buildah (Go) Mar 19, 2024
rmcnamara-snyk
Grafana path traversal High
CVE-2021-43798 was published for github.com/grafana/grafana (Go) Feb 1, 2024
jordyv
Mattermost Injection vulnerability High
CVE-2023-6458 was published for github.com/mattermost/mattermost-server/v6 (Go) Dec 6, 2023
Artifact Hub arbitrary file read vulnerability High
CVE-2023-45823 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
Arduino Create Agent path traversal - local privilege escalation vulnerability High
CVE-2023-43802 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
1Panel O&M management panel has a background arbitrary file reading vulnerability High
CVE-2023-39964 was published for github.com/1Panel-dev/1Panel (Go) Aug 10, 2023
darkfive2022
Nuclei Path Traversal vulnerability High
CVE-2023-37896 was published for github.com/projectdiscovery/nuclei (Go) Aug 4, 2023
ProTip! Advisories are also available from the GraphQL API