Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,972 advisories

Loading
Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service Moderate
CVE-2024-12289 was published for github.com/hashicorp/boundary (Go) Dec 13, 2024
XWiki allows remote code execution through the extension sheet Critical
CVE-2024-55662 was published for org.xwiki.platform:xwiki-platform-repository-server-ui (Maven) Dec 12, 2024
Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx Moderate
CVE-2024-55878 was published for shuchkin/simplexlsx (Composer) Dec 12, 2024
shuchkin
Beego has Collision Hazards of MD5 in Cache Key Filenames Moderate
CVE-2024-55885 was published for github.com/beego/beego (Go) Dec 12, 2024
kexinoh
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter High
CVE-2024-55663 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Dec 12, 2024
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart
XWiki's scheduler in subwiki allows scheduling operations for any main wiki user Moderate
CVE-2024-55876 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Dec 12, 2024
XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList Critical
CVE-2024-55877 was published for org.xwiki.platform:xwiki-platform-help-ui (Maven) Dec 12, 2024
XWiki allows RCE from script right in configurable sections Critical
CVE-2024-55879 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 12, 2024
Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy High
GHSA-7prj-hgx4-2xc3 was published for github.com/ryanbekhen/nanoproxy (Go) Dec 12, 2024
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access High
CVE-2024-55633 was published for apache-superset (pip) Dec 12, 2024
Duplicate Advisory: cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs Moderate
CVE-2024-12401 was published for github.com/cert-manager/cert-manager (Go) Dec 12, 2024 withdrawn
undertow: information leakage via HTTP/2 request header reuse High
CVE-2024-4109 was published for io.undertow:undertow-core (Maven) Dec 12, 2024
io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling High
CVE-2024-12397 was published for io.quarkus.http:quarkus-http-core (Maven) Dec 12, 2024
python-libarchive directory traversal High
CVE-2024-55587 was published for python-libarchive (pip) Dec 12, 2024
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto Critical
CVE-2024-45337 was published for golang.org/x/crypto (Go) Dec 11, 2024
ryanbekhen SuperSandro2000
PQClean has a correctness error in HQC decapsulation High
GHSA-753p-wrj5-g8fj was published for pqcrypto-hqc (Rust) Dec 11, 2024
dgoudarzi SWilson4
SiYuan has an arbitrary file read via /api/template/render High
CVE-2024-55657 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SiYuan has an arbitrary file read and path traversal via /api/export/exportResources High
CVE-2024-55658 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SiYuan has an arbitrary file write in the host via /api/asset/upload High
CVE-2024-55659 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SiYuan has an SSTI via /api/template/renderSprig Moderate
CVE-2024-55660 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
kcp's impersonation allows access to global administrative groups Moderate
GHSA-c7xh-gjv4-4jgv was published for github.com/kcp-dev/kcp (Go) Dec 11, 2024
sigstore has insufficient validation of integration timestamp during verification Low
CVE-2024-55655 was published for sigstore (pip) Dec 11, 2024
woodruffw haydentherapper
Apache Struts file upload logic is flawed Critical
CVE-2024-53677 was published for org.apache.struts:struts2-core (Maven) Dec 11, 2024
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion Moderate
CVE-2024-53866 was published for pnpm (npm) Dec 10, 2024
ChALkeR
ProTip! Advisories are also available from the GraphQL API