Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

970 advisories

Loading
django Filer Unrestricted Upload of File with Dangerous Type Moderate
CVE-2024-11404 was published for django-filer (pip) Nov 20, 2024
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request High
CVE-2024-0793 was published for k8s.io/kubernetes (Go) Nov 17, 2024
Ansible-Core vulnerable to content protections bypass Low
CVE-2024-11079 was published for ansible-core (pip) Nov 12, 2024
Undertow Denial of Service vulnerability Moderate
CVE-2023-1973 was published for io.undertow:undertow-core (Maven) Nov 7, 2024
Symfony has an incorrect response from Validator when input ends with `\n` Low
CVE-2024-50343 was published for symfony/symfony (Composer) Nov 6, 2024
alexandre-daubois
Symfony allows changing the environment through a query Moderate
CVE-2024-50340 was published for symfony/runtime (Composer) Nov 6, 2024
wouterj
Denied Host Validation Bypass in Zitadel Actions Moderate
CVE-2024-49753 was published for github.com/zitadel/zitadel (Go) Oct 25, 2024
prdp1137 livio-a
fforootd
Apache Syncope: Stored XSS in Console and Enduser Moderate
CVE-2024-45031 was published for org.apache.syncope.client:syncope-client-console (Maven) Oct 24, 2024
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy Critical
CVE-2024-48914 was published for @vendure/asset-server-plugin (npm) Oct 15, 2024
Magento Open Source Improper Input Validation vulnerability Moderate
CVE-2024-45117 was published for magento/community-edition (Composer) Oct 10, 2024
Livewire Remote Code Execution on File Uploads High
CVE-2024-47823 was published for livewire/livewire (Composer) Oct 8, 2024
angelej RChutchev
Improper Input Validation in Buildah and Podman Moderate
CVE-2024-9407 was published for github.com/containers/buildah (Go) Oct 1, 2024
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
Mesop has a local file Inclusion via static file serving functionality High
CVE-2024-45601 was published for mesop (pip) Sep 18, 2024
Letm3through
Apache Druid: Users can provide MySQL JDBC properties not on allow list Low
CVE-2024-45537 was published for org.apache.druid:druid (Maven) Sep 17, 2024
Contao affected by insert tag injection via canonical URL Moderate
CVE-2024-45612 was published for contao/core-bundle (Composer) Sep 17, 2024
aschempp
req may send an unintended request when a malformed URL is provided Moderate
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
Concrete CMS Stored Cross-site Scripting vulnerability Low
CVE-2024-4350 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Apache DolphinScheduler: RCE by arbitrary js execution High
CVE-2024-29831 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Aug 12, 2024
Apache DolphinScheduler: Resource File Read And Write Vulnerability High
CVE-2024-30188 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Aug 12, 2024
Concrete CMS Stored XSS in getAttributeSetName Low
CVE-2024-7394 was published for concrete5/concrete5 (Composer) Aug 8, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-4353 was published for concrete5/concrete5 (Composer) Aug 1, 2024
Weave server API vulnerable to arbitrary file leak High
CVE-2024-7340 was published for weave (pip) Jul 31, 2024
The fuels-ts typescript SDK has no awareness of to-be-spent transactions Low
CVE-2024-41945 was published for @fuel-ts/account (npm) Jul 30, 2024
Torres-ssf danielbate
Dhaiwat10 petertonysmith94 maschad arboleya
ProTip! Advisories are also available from the GraphQL API