Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,878 advisories

Loading
D-Tale allows Remote Code Execution through the Custom Filter Input Moderate
CVE-2024-55890 was published for dtale (pip) Dec 13, 2024
TaiPhung217
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames Moderate
CVE-2024-55889 was published for thorsten/phpmyfaq (Composer) Dec 13, 2024
geo-chen
Ucum-java has an XXE vulnerability in XML parsing High
CVE-2024-55887 was published for org.fhir:ucum (Maven) Dec 13, 2024
Laravel Pulse Allows Remote Code Execution via Unprotected Query Method High
CVE-2024-55661 was published for laravel/pulse (Composer) Dec 13, 2024
Browsershot Local File Inclusion High
CVE-2024-21544 was published for spatie/browsershot (Composer) Dec 13, 2024
djoser Authentication Bypass High
CVE-2024-21543 was published for djoser (pip) Dec 13, 2024
Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service Moderate
CVE-2024-12289 was published for github.com/hashicorp/boundary (Go) Dec 13, 2024
XWiki allows remote code execution through the extension sheet Critical
CVE-2024-55662 was published for org.xwiki.platform:xwiki-platform-repository-server-ui (Maven) Dec 12, 2024
Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx Moderate
CVE-2024-55878 was published for shuchkin/simplexlsx (Composer) Dec 12, 2024
shuchkin
Beego has Collision Hazards of MD5 in Cache Key Filenames Moderate
CVE-2024-55885 was published for github.com/beego/beego (Go) Dec 12, 2024
kexinoh
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter High
CVE-2024-55663 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Dec 12, 2024
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart
XWiki's scheduler in subwiki allows scheduling operations for any main wiki user Moderate
CVE-2024-55876 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Dec 12, 2024
XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList Critical
CVE-2024-55877 was published for org.xwiki.platform:xwiki-platform-help-ui (Maven) Dec 12, 2024
XWiki allows RCE from script right in configurable sections Critical
CVE-2024-55879 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 12, 2024
Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy High
GHSA-7prj-hgx4-2xc3 was published for github.com/ryanbekhen/nanoproxy (Go) Dec 12, 2024
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access High
CVE-2024-55633 was published for apache-superset (pip) Dec 12, 2024
Duplicate Advisory: cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs Moderate
CVE-2024-12401 was published for github.com/cert-manager/cert-manager (Go) Dec 12, 2024 withdrawn
undertow: information leakage via HTTP/2 request header reuse High
CVE-2024-4109 was published for io.undertow:undertow-core (Maven) Dec 12, 2024
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling High
CVE-2024-12397 was published for io.quarkus.http:quarkus-http-core (Maven) Dec 12, 2024
python-libarchive directory traversal High
CVE-2024-55587 was published for python-libarchive (pip) Dec 12, 2024
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto Critical
CVE-2024-45337 was published for golang.org/x/crypto (Go) Dec 11, 2024
ryanbekhen SuperSandro2000
PQClean has a correctness error in HQC decapsulation High
GHSA-753p-wrj5-g8fj was published for pqcrypto-hqc (Rust) Dec 11, 2024
dgoudarzi SWilson4
SiYuan has an arbitrary file read via /api/template/render High
CVE-2024-55657 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SiYuan has an arbitrary file read and path traversal via /api/export/exportResources High
CVE-2024-55658 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
ProTip! Advisories are also available from the GraphQL API