Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

Loading
Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin Moderate
CVE-2026-34386 was published for github.com/fleetdm/fleet/v4 (Go) Mar 30, 2026
prateek-0490 Credited to prateek-0490
Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database Moderate
CVE-2026-34385 was published for github.com/fleetdm/fleet/v4 (Go) Mar 30, 2026
prateek-0490 Credited to prateek-0490
A Fleet team maintainer can transfer hosts from any team via missing source team authorization Moderate
CVE-2026-29180 was published for github.com/fleetdm/fleet/v4 (Go) Mar 27, 2026
prateek-0490 Credited to prateek-0490
Fleet: Authorization Bypass in certificate template batch deletion for team administrators Moderate
CVE-2026-25963 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026
prateek-0490 Credited to prateek-0490
Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint Moderate
CVE-2026-24004 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026
prateek-0490 Credited to prateek-0490
Fleet: Device lock PIN can be predicted if lock time is known Moderate
CVE-2026-23999 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026
prateek-0490 Credited to prateek-0490
Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability Moderate
CVE-2026-22808 was published for github.com/fleetdm/fleet (Go) Jan 20, 2026
prateek-0490 Credited to prateek-0490 and iansltx iansltx iansltx
ProTip! Advisories are also available from the GraphQL API