Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

62 advisories

Loading
Gateway API route matching order contradicts specification Moderate
CVE-2024-42487 was published for github.com/cilium/cilium (Go) Aug 15, 2024
sayboras
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data Moderate
CVE-2024-40767 was published for Nova (pip) Jul 24, 2024
Name confusion in x509 Subject Alternative Name fields High
CVE-2023-52892 was published for phpseclib/phpseclib (Composer) Jun 28, 2024
btcd susceptible to consensus failures Moderate
CVE-2024-34478 was published for github.com/btcsuite/btcd (Go) May 5, 2024
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained Moderate
CVE-2024-29034 was published for carrierwave (RubyGems) Mar 25, 2024
a-zara-n
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions Low
CVE-2024-24754 was published for bref/bref (Composer) Feb 1, 2024
smaury
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2 Moderate
CVE-2024-24753 was published for bref/bref (Composer) Feb 1, 2024
smaury mnapoli
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or... Moderate Unreviewed
CVE-2023-48256 was published Jan 10, 2024
Improper Input Validation in nyholm/psr7 Moderate
GHSA-wjfc-pgfp-pv9c was published for nyholm/psr7 (Composer) Apr 21, 2023
Improper header validation in httpsoft/http-message Moderate
GHSA-9jxr-mwpp-w643 was published for httpsoft/http-message (Composer) Apr 21, 2023
devanych
Improper header name validation in guzzlehttp/psr7 Moderate
CVE-2023-29197 was published for guzzlehttp/psr7 (Composer) Apr 19, 2023
Nyholm TimWolla
GrahamCampbell
ProTip! Advisories are also available from the GraphQL API