GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9 advisories

Podman Origin Validation Error Moderate
CVE-2021-20199 was published for github.com/containers/podman/v3 (Go) May 18, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman Moderate
CVE-2021-4024 was published for github.com/containers/podman/v3 (Go) Jan 6, 2022
github.com/gofiber/fiber/v2 vulnerable to Origin Validation Error Moderate
CVE-2018-20744 was published for github.com/gofiber/fiber/v2 (Go) May 14, 2022
Classic builder cache poisoning Moderate
CVE-2024-24557 was published for github.com/docker/docker (Go) Feb 1, 2024
Credited to vvoland, rumpl, and gabriellavengeo
Mattermost allows remote actor to set arbitrary RemoteId values for synced users Moderate
CVE-2024-41926 was published for github.com/mattermost/mattermost (Go) Aug 1, 2024
Mattermost allows attackers to spoof permalink embeds Moderate
CVE-2026-2457 was published for github.com/mattermost/mattermost-server (Go) Mar 16, 2026
Default kuma-cp leaks admin token cross-origin via CORS wildcard + LocalhostIsAdmin Moderate
CVE-2026-45021 was published for github.com/kumahq/kuma (Go) May 14, 2026
Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint Moderate
CVE-2026-6339 was published for github.com/mattermost/mattermost-server (Go) May 18, 2026
ZITADEL: Missing Token Audience Validation (`aud`) in JWT IdP Provider Moderate
CVE-2026-55669 was published for github.com/zitadel/zitadel (Go) Jun 18, 2026
Credited to Android-Login-Analysis, IAM-marco, livio-a, and Punisher100