Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

59 advisories

Loading
Moodle has insufficient capability checks Low
CVE-2024-43435 was published for moodle/moodle (Composer) Nov 11, 2024
loona-hpack Panic Vulnerability Moderate
CVE-2024-51502 was published for loona-hpack (Rust) Nov 4, 2024
Jenkins Remoting library arbitrary file read vulnerability High
CVE-2024-43044 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling Moderate
CVE-2024-39832 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
XMP Toolkit's `XmpFile::close` can trigger undefined behavior Low
GHSA-66fw-43h8-f8p3 was published for xmp_toolkit (Rust) Jul 26, 2024
socket.io has an unhandled 'error' event Moderate
CVE-2024-38355 was published for socket.io (npm) Jun 19, 2024
Y0ursTruly
LNbits improperly handles potential network and payment failures when using Eclair backend High
CVE-2024-34694 was published for lnbits (pip) Jun 17, 2024
Semisol fishcakeday
Directus is soft-locked by providing a string value to random string util High
CVE-2024-36128 was published for directus (npm) Jun 4, 2024
Zehir
Tor path lengths too short when "full Vanguards" configured Moderate
CVE-2024-35313 was published for arti (Rust) May 18, 2024
Tor Arti's STUB circuits incorrectly have a length of 2 High
CVE-2024-35312 was published for arti (Rust) May 18, 2024
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX High
CVE-2024-34360 was published for github.com/spacemeshos/api (Go) May 10, 2024
Mattermost crashes web clients via a malformed custom status Moderate
CVE-2024-4182 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
HPACK decoder panics on invalid input High
GHSA-w7hm-hmxv-pvhf was published for hpack (Rust) Apr 5, 2024
XSS sidekiq-unique-jobs UI server vulnerability High
CVE-2024-25122 was published for sidekiq-unique-jobs (RubyGems) Feb 13, 2024
pboling Earlopain
moby docker daemon crash during image pull of malicious image Moderate
CVE-2021-21285 was published for github.com/moby/moby (Go) Jan 31, 2024
bgeesaman joshlarsen
IanColdwater mauilion raesene cpuguy83 neersighted
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend Moderate
CVE-2024-23650 was published for github.com/moby/buildkit (Go) Jan 31, 2024
cpuguy83
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls Moderate
CVE-2024-24567 was published for vyper (pip) Jan 30, 2024
cyberthirst pcaversaccio
kuroi8 0xdeadbeef0x
Mattermost denial of service vulnerability Moderate
CVE-2023-5967 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 6, 2023
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions High
CVE-2023-45812 was published for apollo-router (Rust) Oct 19, 2023
garypen BrynCooke
BryanBarron jasonbarnett667 shorgi
Electron context isolation bypass via nested unserializable return value Moderate
CVE-2023-29198 was published for electron (npm) Sep 6, 2023
MarshallOfSound nornagon
json2xml Uncaught Exception vulnerability High
CVE-2022-25024 was published for json2xml (pip) Aug 23, 2023
Feathers socket handler allows abusing implicit toString High
CVE-2023-37899 was published for @feathersjs/socketio (npm) Jul 20, 2023
CodeanIO
Shopware improper mail validation vulnerability Moderate
CVE-2023-34099 was published for shopware/shopware (Composer) Jun 28, 2023
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall` Moderate
CVE-2023-34449 was published for ink (Rust) Jun 14, 2023
Insufficient validation when decoding a Socket.IO packet Moderate
CVE-2023-32695 was published for socket.io-parser (npm) May 23, 2023
rafax00 darrachequesne
ProTip! Advisories are also available from the GraphQL API