Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25 advisories

Loading
Improper Check for Unusual or Exceptional Conditions in json-smart Moderate
CVE-2021-27568 was published for net.minidev:json-smart (Maven) Jun 16, 2021
afdesk
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20 Moderate
CVE-2021-33605 was published for com.vaadin:vaadin-checkbox-flow (Maven) Aug 30, 2021
tdunlap607
Denial of Service (DoS) in mongo-express Moderate
CVE-2021-23372 was published for mongo-express (npm) Oct 6, 2021
Authz Module Non-Determinism Moderate
CVE-2021-41135 was published for github.com/cosmos/cosmos-sdk (Go) Oct 21, 2021
robert-zaremba iramiller
Crash due to erroneous `StatusOr` in TensorFlow Moderate
CVE-2022-23590 was published for tensorflow (pip) Feb 9, 2022
Incomplete validation in `SparseSparseMinimum` Moderate
CVE-2021-29607 was published for tensorflow (pip) Mar 18, 2022
Potential Captcha Validate Bypass in flask-session-captcha Moderate
CVE-2022-24880 was published for flask-session-captcha (pip) Apr 26, 2022
GuillaumeGomez
Unexpected server crash in Next.js Moderate
CVE-2022-36046 was published for next (npm) Aug 30, 2022
OctoRPKI crashes when max iterations is reached Moderate
CVE-2022-3616 was published for github.com/cloudflare/cfrpki (Go) Oct 31, 2022
Froxlor contains Unchecked Error Condition Moderate
CVE-2023-0572 was published for froxlor/froxlor (Composer) Jan 30, 2023
Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf Moderate
CVE-2023-23931 was published for cryptography (pip) Feb 7, 2023
IPFS go-bitfield vulnerable to DoS via malformed size arguments Moderate
CVE-2023-23626 was published for github.com/ipfs/go-bitfield (Go) Feb 10, 2023
Jorropo
Insufficient validation when decoding a Socket.IO packet Moderate
CVE-2023-32695 was published for socket.io-parser (npm) May 23, 2023
rafax00 darrachequesne
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall` Moderate
CVE-2023-34449 was published for ink (Rust) Jun 14, 2023
Shopware improper mail validation vulnerability Moderate
CVE-2023-34099 was published for shopware/shopware (Composer) Jun 28, 2023
Electron context isolation bypass via nested unserializable return value Moderate
CVE-2023-29198 was published for electron (npm) Sep 6, 2023
MarshallOfSound nornagon
Mattermost denial of service vulnerability Moderate
CVE-2023-5967 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 6, 2023
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls Moderate
CVE-2024-24567 was published for vyper (pip) Jan 30, 2024
cyberthirst pcaversaccio
kuroi8 0xdeadbeef0x
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend Moderate
CVE-2024-23650 was published for github.com/moby/buildkit (Go) Jan 31, 2024
cpuguy83
moby docker daemon crash during image pull of malicious image Moderate
CVE-2021-21285 was published for github.com/moby/moby (Go) Jan 31, 2024
bgeesaman joshlarsen
IanColdwater mauilion raesene cpuguy83 neersighted
Mattermost crashes web clients via a malformed custom status Moderate
CVE-2024-4182 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Tor path lengths too short when "full Vanguards" configured Moderate
CVE-2024-35313 was published for arti (Rust) May 18, 2024
socket.io has an unhandled 'error' event Moderate
CVE-2024-38355 was published for socket.io (npm) Jun 19, 2024
Y0ursTruly
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling Moderate
CVE-2024-39832 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
loona-hpack Panic Vulnerability Moderate
CVE-2024-51502 was published for loona-hpack (Rust) Nov 4, 2024
ProTip! Advisories are also available from the GraphQL API