GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

251 advisories

Unsafe handling of user-specified cookies in treq High
CVE-2022-23607 was published for treq (pip) Feb 1, 2022
glyph twm
hornetq vulnerable to file overwrite, sensitive information disclosure High
CVE-2024-51127 was published for org.hornetq:hornetq-core-client (Maven) Nov 4, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments High
CVE-2024-34002 was published for moodle/moodle (Composer) May 31, 2024
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access High
CVE-2024-32498 was published for cinder (pip) Jul 5, 2024
phpBB vulnerable to sensitive information disclosure High
CVE-2008-6507 was published for phpbb/phpbb (Composer) May 17, 2022
Rudloff
Splash authentication credentials potentially leaked to target websites High
CVE-2021-41124 was published for scrapy-splash (pip) Oct 6, 2021
SaltStack Salt Information Exposure High
CVE-2017-8109 was published for salt (pip) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager High
CVE-2021-21336 was published for Products.PluggableAuthService (pip) Mar 8, 2021
chutchut
secp256k1-node allows private key extraction over ECDH High
CVE-2024-48930 was published for secp256k1 (npm) Oct 21, 2024
ChALkeR jprichardson
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec High
CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request High
CVE-2016-8747 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room High
CVE-2024-47824 was published for matrix-react-sdk (npm) Oct 15, 2024
dkasak
Matrix JavaScript SDK's key history sharing could share keys to malicious devices High
CVE-2024-47080 was published for matrix-js-sdk (npm) Oct 15, 2024
dkasak
Plone Information Disclosure High
CVE-2012-5505 was published for Plone (pip) May 17, 2022
Keycloak's admin API allows low privilege users to use administrative functions High
CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven) Jun 11, 2024
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183) High
CVE-2024-46987 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Paramiko Unsafe randomness usage may allow access to sensitive information High
CVE-2008-0299 was published for paramiko (pip) May 1, 2022
OMERO.web exposes some unnecessary session information in the page High
CVE-2021-21376 was published for omero-web (pip) Mar 23, 2021
OpenStack Nova Server Resource Faults Leak External Exception Details High
CVE-2019-14433 was published for nova (pip) May 24, 2022
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
Liferay Portal vulnerable to user impersonation High
CVE-2024-25148 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set High
CVE-2010-0667 was published for moin (pip) May 2, 2022
anonymous4ACL24
RestrictedPython information leakage via `AttributeError.obj` and the `string` module High
CVE-2024-47532 was published for RestrictedPython (pip) Sep 30, 2024
Quasar0147 dronex7070
d-maurer dataflake icemac
openstack-mistral Discloses the presence of arbitrary files within the filesystem High
CVE-2018-16849 was published for mistral (pip) May 13, 2022
RhodeCode and Kallithea are vulnerable to sensitive information disclosure High
CVE-2015-0260 was published for Kallithea (pip) May 13, 2022