Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,944 advisories

Loading
Browsershot Improper Input Validation vulnerability High
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
Hashicorp Nomad Incorrect Privilege Assignment vulnerability Moderate
CVE-2024-12678 was published for github.com/hashicorp/nomad (Go) Dec 20, 2024
Spring Framework Path Traversal vulnerability High
CVE-2024-38819 was published for org.springframework:spring-webflux (Maven) Dec 19, 2024
QOS.CH logback-core Server-Side Request Forgery vulnerability Low
CVE-2024-12801 was published for ch.qos.logback:logback-core (Maven) Dec 19, 2024
HTHou
QOS.CH logback-core Expression Language Injection vulnerability Moderate
CVE-2024-12798 was published for ch.qos.logback:logback-core (Maven) Dec 19, 2024
HTHou perexis
GoetzGoerisch
OpenShift Must Gather Operator Improper Input Validation vulnerability High
CVE-2024-25131 was published for github.com/openshift/must-gather (Go) Dec 19, 2024
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service High
GHSA-5pf6-cq2v-23ww was published for github.com/clidey/whodb/core (Go) Dec 19, 2024
thevilledev
Astro's server source code is exposed to the public if sourcemaps are enabled High
CVE-2024-56159 was published for astro (npm) Dec 19, 2024
lilnasy
Non-linear parsing of case-insensitive content in golang.org/x/net/html High
CVE-2024-45338 was published for golang.org/x/net (Go) Dec 18, 2024
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability Moderate
GHSA-j2v2-3784-vr44 was published for opencart/opencart (Composer) Dec 18, 2024 withdrawn
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled Critical
CVE-2024-56145 was published for craftcms/cms (Composer) Dec 18, 2024
akues-an
age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution Moderate
GHSA-32gq-x56h-299c was published for filippo.io/age (Go) Dec 18, 2024
rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution Moderate
GHSA-4fg7-vxc8-qx5w was published for age (Rust) Dec 18, 2024
TShock Security Escalation Exploit High
GHSA-hvm9-wc8j-mgrc was published for TShock (NuGet) Dec 18, 2024
sgkoishi THEXN
Prototype pollution in jsii.configureCategories Low
GHSA-m56h-5xx3-2jc2 was published for jsii (npm) Dec 18, 2024
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm Low
CVE-2024-56128 was published for org.apache.kafka:kafka (Maven) Dec 18, 2024
Atro CSRF Middleware Bypass (security.checkOrigin) Moderate
CVE-2024-56140 was published for astro (npm) Dec 18, 2024
KageShiron ematipico
delucis ascorbic
Spatie Browsershot Directory Traversal vulnerability High
CVE-2024-21547 was published for spatie/browsershot (Composer) Dec 18, 2024
UniSharp Laravel Filemanager Code Injection vulnerability High
CVE-2024-21546 was published for unisharp/laravel-filemanager (Composer) Dec 18, 2024
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page Moderate
CVE-2023-37940 was published for com.liferay.portal:release.dxp.bom (Maven) Dec 18, 2024
Keycloak vulnerable to Cleartext Transmission of Sensitive Information Moderate
CVE-2024-10973 was published for org.keycloak:keycloak-quarkus-server (Maven) Dec 18, 2024
ProTip! Advisories are also available from the GraphQL API