Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,107 advisories

Loading
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes Critical
CVE-2024-47533 was published for cobbler (pip) Nov 18, 2024
opoplawski
django CMS Cross-Site Scripting (XSS) Critical
CVE-2024-11319 was published for django-cms (pip) Nov 18, 2024
LibreNMS has an Authenticated OS Command Injection Critical
CVE-2024-51092 was published for librenms/librenms (Composer) Nov 15, 2024
mallo-m
Stored XSS using two files in usememos/memos Critical
CVE-2023-0109 was published for github.com/usememos/memos (Go) Nov 15, 2024
Deserialization of Untrusted Data in dompdf/dompdf Critical
CVE-2021-3838 was published for dompdf/dompdf (Composer) Nov 15, 2024
Improper Restriction of XML External Entity Reference in dompdf/dompdf Critical
CVE-2021-3902 was published for dompdf/dompdf (Composer) Nov 15, 2024
Duplicate Advisory: .NET and Visual Studio Remote Code Execution Vulnerability Critical
GHSA-8rxm-6783-qh55 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024 withdrawn
jj vulnerable to path traversal via crafted Git repositories Critical
CVE-2024-51990 was published for jj-lib (Rust) Nov 7, 2024
joernchen yuja
codechecker vulnerable to authentication bypass when using specifically crafted URLs Critical
CVE-2024-10081 was published for codechecker (pip) Nov 6, 2024
Discookie dkrupp
happy-dom allows for server side code to be executed by a <script> tag Critical
CVE-2024-51757 was published for happy-dom (npm) Nov 6, 2024
kevin-mizu
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE Critical
CVE-2024-51735 was published for github.com/j3ssie/osmedeus (Go) Nov 5, 2024
n00b-bot
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes Critical
CVE-2024-51501 was published for Refit (NuGet) Nov 4, 2024
sofiaml glennawatson
DOMPurify vulnerable to tampering by prototype polution Critical
CVE-2024-48910 was published for dompurify (npm) Oct 31, 2024
eslerm
NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability Critical
CVE-2024-0132 was published for github.com/NVIDIA/nvidia-container-toolkit (Go) Oct 29, 2024
Waitress has request processing race condition in HTTP pipelining with invalid first request Critical
CVE-2024-49768 was published for waitress (pip) Oct 29, 2024
digitalresistor mmerickel
Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers Critical
GHSA-rc7v-65v6-m2v3 was published for github.com/go-mysql-org/go-mysql (Go) Oct 28, 2024 withdrawn
Fidget-Grep
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Critical
CVE-2024-38821 was published for org.springframework.security:spring-security-web (Maven) Oct 28, 2024
github.com/crossplane/crossplane: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses Critical
GHSA-7h65-4p22-39j6 was published for github.com/crossplane/crossplane (Go) Oct 25, 2024
aditya-mayo
RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists Critical
GHSA-x7xj-jvwp-97rv was published for github.com/rancher/rke2 (Go) Oct 25, 2024
Rancher Remote Code Execution via Cluster/Node Drivers Critical
CVE-2024-22036 was published for github.com/rancher/rancher (Go) Oct 25, 2024
Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists Critical
CVE-2023-32197 was published for github.com/rancher/rancher (Go) Oct 25, 2024
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses Critical
CVE-2024-47883 was published for org.openrefine.dependencies:butterfly (Maven) Oct 24, 2024
Grafana Command Injection And Local File Inclusion Via Sql Expressions Critical
CVE-2024-9264 was published for github.com/grafana/grafana (Go) Oct 18, 2024
Malayke
Duplicate Advisory: Permissive Regular Expression in tacquito Critical
GHSA-j42f-wc6v-5xpq was published for github.com/tacquito/tacquito (Go) Oct 17, 2024 withdrawn
ProTip! Advisories are also available from the GraphQL API