Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19 advisories

Loading
SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon Moderate
CVE-2026-54068 was published for github.com/siyuan-note/siyuan/kernel (Go) Jul 10, 2026
geo-chen Credited to geo-chen
sondt99 Credited to sondt99
Algernon: Auto-refresh SSE event server binds to all interfaces with Access-Control-Allow-Origin: * and no authentication Moderate
GHSA-9v4j-7g44-qcqw was published for github.com/xyproto/algernon (Go) May 19, 2026
Dredsen Credited to Dredsen
Ech0's Unauthenticated Like Endpoint Enables Arbitrary Engagement Metric Inflation Moderate
GHSA-rgj7-vg8v-j4wr was published for github.com/lin-snow/ech0 (Go) May 7, 2026
VashuVats Credited to VashuVats
Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface Moderate
CVE-2026-34227 was published for github.com/bishopfox/sliver (Go) Mar 31, 2026
skoveit Credited to skoveit
Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint Moderate
CVE-2026-24004 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026
prateek-0490 Credited to prateek-0490
Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL Moderate
CVE-2025-55073 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
Mattermost does not enforce MFA on WebSocket connections Moderate
CVE-2025-55070 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
Mattermost Confluence Plugin is Missing Authentication for Critical Function Moderate
CVE-2025-54478 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Mattermost Does Not Sanitize the Team Invite ID Moderate
CVE-2025-47870 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
OpenBao allows cancellation of root rekey and recovery rekey operations without authentication Moderate
CVE-2025-52894 was published for github.com/openbao/openbao (Go) Jun 26, 2025
cipherboy Credited to cipherboy
Mattermost Missing Authentication for Critical Function Moderate
CVE-2025-6226 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Missing Role Based Access Control for the REST handlers in bleve/http package Moderate
CVE-2022-31022 was published for github.com/blevesearch/bleve (Go) Jun 3, 2022
Proximyst Credited to Proximyst
Navidrome uses MD5 hashing algorithm Moderate
CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) Aug 1, 2024
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan Credited to moshikoHassan
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records Moderate
CVE-2020-15136 was published for go.etcd.io/etcd (Go) Jan 31, 2024
Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy Moderate
CVE-2023-41333 was published for github.com/cilium/cilium (Go) Sep 27, 2023
odinuge Credited to odinuge
Denial of service in Grafana Moderate
CVE-2021-27358 was published for github.com/grafana/grafana (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API