Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,838 advisories

Loading
Path traversal vulnerability in functional web frameworks High
CVE-2024-38816 was published for org.springframework:spring-webflux (Maven) Sep 13, 2024
Malayke AlexeyTsvetkov
andreeaButerchi aantonel-sysdig
unstructured XML External Entity (XXE) Moderate
CVE-2024-46455 was published for unstructured (pip) Dec 9, 2024
Drupal Core Cross-Site Scripting (XSS) Moderate
CVE-2024-12393 was published for drupal/core (Composer) Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability High
CVE-2024-55637 was published for drupal/core (Composer) Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability Low
CVE-2024-55636 was published for drupal/core (Composer) Dec 10, 2024
Drupal core Access bypass Moderate
CVE-2024-55634 was published for drupal/core (Composer) Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability High
CVE-2024-55638 was published for drupal/core (Composer) Dec 10, 2024
WildFly Elytron OpenID Connect Client Extension authorization code injection attack Moderate
CVE-2024-12369 was published for org.wildfly:wildfly-elytron-oidc-client-subsystem (Maven) Dec 9, 2024
luigi Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2024-21542 was published for luigi (pip) Dec 10, 2024
Nette Database SQL injection Moderate
CVE-2024-55586 was published for nette/database (Composer) Dec 10, 2024
CosmWasm VM Incorrect metering Moderate
GHSA-2q97-m5rc-p3gp was published for cosmwasm-vm (Go) Dec 10, 2024
Panic in wasmvm can slow down block production Moderate
GHSA-vmqh-5232-v43r was published for cosmwasm-vm (Go) Dec 10, 2024
Simulation of Wasmd message can cause crashing Low
GHSA-vmg2-r3xv-r3xf was published for github.com/CosmWasm/wasmd (Go) Dec 10, 2024
Angular Expressions - Remote Code Execution when using locals Critical
CVE-2024-54152 was published for angular-expressions (npm) Dec 10, 2024
JorianWoltjer
Spring LDAP data exposure vulnerability Moderate
CVE-2024-38829 was published for org.springframework.ldap:spring-ldap-core (Maven) Dec 4, 2024
Hugo does not escape some attributes in internal templates Moderate
CVE-2024-55601 was published for github.com/gohugoio/hugo (Go) Dec 9, 2024
jmooring
lxd CA certificate sign check bypass Low
CVE-2024-6156 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing
lxd has a restricted TLS certificate privilege escalation when in PKI mode Low
CVE-2024-6219 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing
Infinite loop in nanoid Low
CVE-2024-55565 was published for nanoid (npm) Dec 9, 2024
krassowski
Directus allows unauthenticated access to WebSocket events and operations High
CVE-2024-54151 was published for @directus/api (npm) Dec 9, 2024
SeanDylanGoff fishuke
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion High
CVE-2024-54149 was published for winter/wn-cms-module (Composer) Dec 9, 2024
bennothommo
Trix editor subject to XSS vulnerabilities on copy & paste Moderate
CVE-2024-53847 was published for trix (npm) Dec 9, 2024
NULL Pointer Dereference on moby image history Moderate
CVE-2024-36620 was published for github.com/moby/moby (Go) Nov 29, 2024
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions Low
CVE-2024-53947 was published for apache-superset (pip) Dec 9, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled High
CVE-2024-53949 was published for apache-superset (pip) Dec 9, 2024
ProTip! Advisories are also available from the GraphQL API