Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,201 advisories

Loading
Oqtane Framework Insecure Direct Object Reference vulnerability Low
CVE-2024-55186 was published for Oqtane.Client (NuGet) Dec 20, 2024
QOS.CH logback-core Server-Side Request Forgery vulnerability Low
CVE-2024-12801 was published for ch.qos.logback:logback-core (Maven) Dec 19, 2024
HTHou
Prototype pollution in jsii.configureCategories Low
GHSA-m56h-5xx3-2jc2 was published for jsii (npm) Dec 18, 2024
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm Low
CVE-2024-56128 was published for org.apache.kafka:kafka (Maven) Dec 18, 2024
SurrealDB has Silent Failure to Overwrite Table Definition of Relation Type Low
GHSA-27vq-hv74-7cqp was published for surrealdb (Rust) Dec 16, 2024
AlbertMarashi
sigstore has insufficient validation of integration timestamp during verification Low
CVE-2024-55655 was published for sigstore (pip) Dec 11, 2024
woodruffw haydentherapper
Possible Content Security Policy bypass in Action Dispatch Low
CVE-2024-54133 was published for actionpack (RubyGems) Dec 10, 2024
Simulation of Wasmd message can cause crashing Low
GHSA-vmg2-r3xv-r3xf was published for github.com/CosmWasm/wasmd (Go) Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability Low
CVE-2024-55636 was published for drupal/core (Composer) Dec 10, 2024
lxd CA certificate sign check bypass Low
CVE-2024-6156 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing
lxd has a restricted TLS certificate privilege escalation when in PKI mode Low
CVE-2024-6219 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions Low
CVE-2024-53947 was published for apache-superset (pip) Dec 9, 2024
shared_preferences_android vulnerability Low
GHSA-3hpf-ff72-j67p was published for shared_preferences_android (Pub) Dec 6, 2024
oskar-zeinomahmalat-sonarsource reidbaker
stuartmorgan
sigstore-java has a vulnerability with bundle verification Low
CVE-2024-54140 was published for dev.sigstore:sigstore-java (Maven) Dec 5, 2024
loosebazooka
Unsound usages of `std::slice::from_raw_parts` Low
GHSA-gw5w-5j7f-jmjj was published for pprof (Rust) Dec 5, 2024
Firepad allows insecure document access Low
CVE-2024-51210 was published for firepad (npm) Dec 4, 2024
linkme fails to ensure slice elements match the slice's declared type Low
GHSA-f95p-4cv5-8w8x was published for linkme (Rust) Dec 4, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53989 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53987 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53988 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53986 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitize has XSS vulnerability with certain configurations Low
CVE-2024-53985 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
PyJWT Issuer field partial matches allowed Low
CVE-2024-53861 was published for PyJWT (pip) Dec 2, 2024
fabianbadoi
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability Low
CVE-2024-52800 was published for org.verapdf:core (Maven) Dec 2, 2024
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API Low
CVE-2024-52008 was published for ethyca-fides (pip) Nov 26, 2024
h0wl andres-torres-marroquin
daveqnet erosselli
ProTip! Advisories are also available from the GraphQL API