Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,808 advisories

Loading
Ansible galaxy-importer Path Traversal vulnerability Moderate
CVE-2023-5189 was published for galaxy-importer (pip) Nov 15, 2023
Ansible symlink attack vulnerability Moderate
CVE-2023-5115 was published for ansible (pip) Dec 28, 2023
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. Moderate
CVE-2024-29857 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
runc AppArmor bypass with symlinked /proc Moderate
CVE-2023-28642 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
ssst0n3
Missing security headers in Action Pack on non-HTML responses Moderate
CVE-2024-28103 was published for actionpack (RubyGems) Jun 4, 2024
shinkbr
Opencontainers runc Incorrect Authorization vulnerability High
CVE-2023-27561 was published for github.com/opencontainers/runc (Go) Mar 3, 2023
AkihiroSuda
Quarkus CXF logs passwords and other secrets Moderate
CVE-2024-9621 was published for io.quarkiverse.cxf:quarkus-cxf (Maven) Oct 8, 2024
Unpatched `path-to-regexp` ReDoS in 0.1.x Moderate
CVE-2024-52798 was published for path-to-regexp (npm) Dec 5, 2024
blakeembrey ctcpip
sigstore-java has a vulnerability with bundle verification Low
CVE-2024-54140 was published for dev.sigstore:sigstore-java (Maven) Dec 5, 2024
loosebazooka
Directus has an HTML Injection in Comment Moderate
CVE-2024-54128 was published for @directus/app (npm) Dec 5, 2024
mastomii r3dpower
Improper Authentication in Spring Authorization Server Moderate
CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) Mar 20, 2024
OpenStack improperly deletes access rules Moderate
CVE-2023-6110 was published for python-openstackclient (pip) Nov 17, 2024
Drupal core vulnerable to improper error handling Moderate
CVE-2024-11942 was published for drupal/core (Composer) Dec 5, 2024
Drupal core Denial of Service High
CVE-2024-11941 was published for drupal/core (Composer) Dec 5, 2024
Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore High
CVE-2022-41137 was published for org.apache.hive:hive-exec (Maven) Dec 5, 2024
Firepad allows insecure document access Low
CVE-2024-51210 was published for firepad (npm) Dec 4, 2024
Build corruption when using `PYO3_CONFIG_FILE` environment variable Moderate
GHSA-vxcf-c7mx-pg53 was published for pyo3 (Rust) Dec 5, 2024
jFinal Server-Side Template Injection vulnerability Critical
CVE-2021-31635 was published for com.jfinal:jfinal (Maven) Jun 26, 2023
Unsound usages of `std::slice::from_raw_parts` Low
GHSA-gw5w-5j7f-jmjj was published for pprof (Rust) Dec 5, 2024
rPGP Potential Resource Exhaustion when handling Untrusted Messages High
CVE-2024-53857 was published for pgp (Rust) Dec 5, 2024
invd hko-s
link2xt dignifiedquire
rPGP Panics on Malformed Untrusted Input High
CVE-2024-53856 was published for pgp (Rust) Dec 5, 2024
invd hko-s
dignifiedquire link2xt
Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability Low
CVE-2018-1000186 was published for org.jenkins-ci.plugins:ghprb (Maven) May 14, 2022
binay1024
MySQL Connectors takeover vulnerability High
CVE-2023-22102 was published for com.mysql:mysql-connector-j (Maven) Oct 18, 2023
d0ougal elzebra
OpenStack Neutron can use an incorrect ID during policy enforcement Moderate
CVE-2024-53916 was published for neutron (pip) Nov 25, 2024
MediaWiki UnlinkedWikibase Cross-site Scripting vulnerability Moderate
CVE-2024-34500 was published for samwilson/unlinked-wikibase (Composer) May 5, 2024
ProTip! Advisories are also available from the GraphQL API