Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,813 advisories

Loading
laravel-s vulnerable to Local File Inclusion Critical
CVE-2023-29931 was published for hhxsv5/laravel-s (Composer) Jun 22, 2023
Improper permissions handling in MediaWiki AbuseFilter Moderate
CVE-2024-47913 was published for mediawiki/abuse-filter (Composer) Oct 5, 2024
Cross-Site Request Forgery in Apache Wicket Moderate
CVE-2024-27439 was published for org.apache.wicket:wicket (Maven) Mar 19, 2024
Jenkins HTML Publisher Plugin does not properly sanitize input High
CVE-2024-28149 was published for org.jenkins-ci.plugins:htmlpublisher (Maven) Mar 6, 2024
shared_preferences_android vulnerability Low
GHSA-3hpf-ff72-j67p was published for shared_preferences_android (Pub) Dec 6, 2024
reidbaker stuartmorgan
Django denial-of-service in django.utils.html.strip_tags() Moderate
CVE-2024-53907 was published for Django (pip) Dec 6, 2024
Django SQL injection in HasKey(lhs, rhs) on Oracle High
CVE-2024-53908 was published for Django (pip) Dec 6, 2024
semver vulnerable to Regular Expression Denial of Service High
CVE-2022-25883 was published for semver (npm) Jun 21, 2023
mrgrain G-Rath
phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available High
CVE-2024-54141 was published for thorsten/phpmyfaq (Composer) Dec 6, 2024
geo-chen
Certifi removes GLOBALTRUST root certificate Low
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
Kwpolska
JetBrains Ktor information disclosure Moderate
CVE-2024-49580 was published for io.ktor:ktor-client-core-jvm (Maven) Oct 17, 2024
AlexeyTsvetkov
Prototype Pollution in the merge and clone helper methods Moderate
CVE-2021-39227 was published for zrender (npm) Sep 20, 2021
Asjidkalam huntr-helper
Ansible galaxy-importer Path Traversal vulnerability Moderate
CVE-2023-5189 was published for galaxy-importer (pip) Nov 15, 2023
Ansible symlink attack vulnerability Moderate
CVE-2023-5115 was published for ansible (pip) Dec 28, 2023
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. Moderate
CVE-2024-29857 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
Missing security headers in Action Pack on non-HTML responses Moderate
CVE-2024-28103 was published for actionpack (RubyGems) Jun 4, 2024
shinkbr
runc AppArmor bypass with symlinked /proc Moderate
CVE-2023-28642 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
ssst0n3
Opencontainers runc Incorrect Authorization vulnerability High
CVE-2023-27561 was published for github.com/opencontainers/runc (Go) Mar 3, 2023
AkihiroSuda
Quarkus CXF logs passwords and other secrets Moderate
CVE-2024-9621 was published for io.quarkiverse.cxf:quarkus-cxf (Maven) Oct 8, 2024
Unpatched `path-to-regexp` ReDoS in 0.1.x Moderate
CVE-2024-52798 was published for path-to-regexp (npm) Dec 5, 2024
blakeembrey ctcpip
sigstore-java has a vulnerability with bundle verification Low
CVE-2024-54140 was published for dev.sigstore:sigstore-java (Maven) Dec 5, 2024
loosebazooka
Directus has an HTML Injection in Comment Moderate
CVE-2024-54128 was published for @directus/app (npm) Dec 5, 2024
mastomii r3dpower
Improper Authentication in Spring Authorization Server Moderate
CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) Mar 20, 2024
OpenStack improperly deletes access rules Moderate
CVE-2023-6110 was published for python-openstackclient (pip) Nov 17, 2024
Drupal core vulnerable to improper error handling Moderate
CVE-2024-11942 was published for drupal/core (Composer) Dec 5, 2024
ProTip! Advisories are also available from the GraphQL API