Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,201 advisories

Loading
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-7512 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Concrete CMS Stored Cross-site Scripting vulnerability Low
CVE-2024-4350 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Concrete CMS Stored XSS in getAttributeSetName Low
CVE-2024-7394 was published for concrete5/concrete5 (Composer) Aug 8, 2024
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF Low
CVE-2024-41811 was published for ipl/web (Composer) Aug 5, 2024
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability Low
CVE-2024-42447 was published for apache-airflow-providers-fab (pip) Aug 5, 2024
Elliptic's EDDSA missing signature length check Low
CVE-2024-42459 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Elliptic's ECDSA missing check for whether leading bit of r and s is zero Low
CVE-2024-42460 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Elliptic allows BER-encoded signatures Low
CVE-2024-42461 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-4353 was published for concrete5/concrete5 (Composer) Aug 1, 2024
biscuit-auth vulnerable to public key confusion in third party block Low
CVE-2024-41949 was published for biscuit-auth (Rust) Jul 31, 2024
The fuels-ts typescript SDK has no awareness of to-be-spent transactions Low
CVE-2024-41945 was published for @fuel-ts/account (npm) Jul 30, 2024
Torres-ssf danielbate
Dhaiwat10 petertonysmith94 maschad arboleya
XMP Toolkit's `XmpFile::close` can trigger undefined behavior Low
GHSA-66fw-43h8-f8p3 was published for xmp_toolkit (Rust) Jul 26, 2024
snapd failed to properly check the destination of symbolic links when extracting a snap Low
CVE-2024-29069 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
The kstring integration in gix-attributes is unsound Low
GHSA-cx7h-h87r-jpgr was published for gix-attributes (Rust) Jul 25, 2024
Ankitects Anki LaTeX Blocklist Bypass vulnerability Low
CVE-2024-32152 was published for anki (pip) Jul 22, 2024
Jayy001
ProcessWire Cross Site Request Forgery vulnerability Low
CVE-2024-41597 was published for processwire/processwire (Composer) Jul 19, 2024
Apache CXF: SSRF vulnerability via WADL stylesheet parameter Low
CVE-2024-29736 was published for org.apache.cxf:cxf-rt-rs-service-description (Maven) Jul 19, 2024
Sentry's Python SDK unintentionally exposes environment variables to subprocesses Low
CVE-2024-40647 was published for sentry-sdk (pip) Jul 18, 2024
kmichel-aiven
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error Low
CVE-2024-40636 was published for Steeltoe.Discovery.ClientAutofac (NuGet) Jul 17, 2024
dbt has an implicit override for built-in materializations from installed packages Low
CVE-2024-40637 was published for dbt-core (pip) Jul 17, 2024
brabster
RISC Zero zkVM notes on zero-knowledge Low
GHSA-5xgj-pmjj-gw49 was published for risc0-zkvm (Rust) Jul 15, 2024
OpenSearch Observability does not properly restrict access to private tenant resources Low
CVE-2024-39901 was published for org.opensearch.plugin:opensearch-observability (Maven) Jul 10, 2024
Undici vulnerable to data leak when using response.arrayBuffer() Low
CVE-2024-38372 was published for undici (npm) Jul 9, 2024
bcomnes KhafraDev
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors Low
GHSA-3v33-3wmw-3785 was published for yt-dlp (pip) Jul 8, 2024
LeSuisse bashonly
ProTip! Advisories are also available from the GraphQL API