Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9,116 advisories

Loading
Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path Moderate
CVE-2024-10492 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024
libre-chat Path Traversal vulnerability Moderate
CVE-2024-52787 was published for libre-chat (pip) Nov 25, 2024
rustls network-reachable panic in `Acceptor::accept` Moderate
GHSA-qg5g-gv98-5ffh was published for rustls (Rust) Nov 25, 2024
Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability Moderate
GHSA-pcx7-8hxg-j823 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 withdrawn
Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data Moderate
GHSA-jcgg-mg9g-p9wf was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 withdrawn
Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity Moderate
GHSA-j3x3-r585-4qhg was published for org.keycloak:keycloak-services (Maven) Nov 25, 2024 withdrawn
OpenShift Console Server Side Request Forgery vulnerability Moderate
CVE-2024-6538 was published for github.com/openshift/console (Go) Nov 25, 2024
OpenStack Neutron can use an incorrect ID during policy enforcement Moderate
CVE-2024-53916 was published for neutron (pip) Nov 25, 2024
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables Moderate
GHSA-pqhp-25j4-6hq9 was published for smol-toml (npm) Nov 22, 2024
TheKodeToad
Sentry improper error handling leaks Application Integration Client Secret Moderate
CVE-2024-53253 was published for sentry (pip) Nov 22, 2024
Christinarlong
SurrealDB has an Uncaught Exception Sorting Tables by Random Order Moderate
GHSA-m52v-24p8-654f was published for surrealdb (Rust) Nov 22, 2024
finnbear extrawurst
SurrealDB has an Uncaught Exception Handling Nonexistent Role Moderate
GHSA-jc55-246c-r88f was published for surrealdb (Rust) Nov 22, 2024
garyhai
SurrealDB has an Uncaught Exception in Function Generating Random Time Moderate
GHSA-h4f5-h82v-5w4r was published for surrealdb (Rust) Nov 22, 2024
SFTPGo allows administrators to restrict command execution from the EventManager Moderate
CVE-2024-52309 was published for github.com/drakkan/sftpgo/v2 (Go) Nov 21, 2024
hyperreality
Searching Opencast may cause a denial of service Moderate
CVE-2024-52797 was published for org.opencastproject:opencast-elasticsearch-impl (Maven) Nov 20, 2024
cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs Moderate
GHSA-r4pg-vg54-wxx4 was published for github.com/cert-manager/cert-manager (Go) Nov 20, 2024
Rancher Helm Applications may have sensitive values leaked Moderate
CVE-2024-52282 was published for github.com/rancher/rancher (Go) Nov 20, 2024
Moodle IDOR when deleting OAuth2 linked accounts Moderate
CVE-2024-45690 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle allows users to retrieve information they did not have permission to access Moderate
CVE-2024-45689 was published for moodle/moodle (Composer) Nov 20, 2024
django CMS Attributes Field Cross-site Scripting Moderate
CVE-2024-11406 was published for djangocms-attributes-field (pip) Nov 20, 2024
django Filer Unrestricted Upload of File with Dangerous Type Moderate
CVE-2024-11404 was published for django-filer (pip) Nov 20, 2024
Moodle Lesson activity password bypass through PHP loose comparison Moderate
CVE-2024-45691 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle IDOR when accessing list of course badges Moderate
CVE-2024-48899 was published for moodle/moodle (Composer) Nov 20, 2024
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata Moderate
CVE-2024-52522 was published for github.com/rclone/rclone (Go) Nov 19, 2024
hakong ncw
Redaxo Core CMS Cross Site Scripting (XSS) Moderate
CVE-2024-50803 was published for redaxo/source (Composer) Nov 19, 2024
ProTip! Advisories are also available from the GraphQL API