Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

49 advisories

Loading
gitsign may use incorrect Rekor entries during verification Low
CVE-2024-51746 was published for github.com/sigstore/gitsign (Go) Nov 5, 2024
adityasaky
gix-path uses local config across repos when it is the highest scope Low
CVE-2024-45305 was published for gix-path (Rust) Sep 3, 2024
EliahKagan martinvonz
Nuxt vulnerable to remote code execution via the browser when running the test locally Critical
CVE-2024-34344 was published for nuxt (npm) Aug 5, 2024
Ry0taK
TorchServe vulnerable to bypass of allowed_urls configuration Critical
CVE-2024-35198 was published for torchserve (pip) Jul 18, 2024
Directus has MySQL accent insensitive email matching High
CVE-2024-27295 was published for directus (npm) Mar 1, 2024
c53julian
Docassemble unauthorized access through URL manipulation High
CVE-2024-27292 was published for docassemble.base (pip) Feb 29, 2024
richighimi
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) High
CVE-2023-34092 was published for vite (npm) Jun 6, 2023
agussetyar ajaymahadeven
dloetzke
lambdaisland/uri `authority-regex` returns the wrong authority Moderate
CVE-2023-28628 was published for lambdaisland:uri (Maven) Mar 27, 2023
luigigubello plexus
Opencontainers runc Incorrect Authorization vulnerability High
CVE-2023-27561 was published for github.com/opencontainers/runc (Go) Mar 3, 2023
AkihiroSuda
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of... Critical Unreviewed
CVE-2022-30258 was published Nov 22, 2022
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of... Critical Unreviewed
CVE-2022-30257 was published Nov 22, 2022
ProTip! Advisories are also available from the GraphQL API