Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,227 advisories

Loading
JSON-lib mishandles an unbalanced comment string Moderate
CVE-2024-47855 was published for org.kordamp.json:json-lib-core (Maven) Oct 4, 2024
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results Moderate
GHSA-cfqx-f43m-vfh7 was published for @saltcorn/server (npm) Oct 3, 2024
dellalibera
@saltcorn/server arbitrary file zip read and download when downloading auto backups Moderate
GHSA-277h-px4m-62q8 was published for @saltcorn/server (npm) Oct 3, 2024
dellalibera
async-graphql Directive Overload High
CVE-2024-47614 was published for async-graphql (Rust) Oct 3, 2024
Sentry SDK Prototype Pollution gadget in JavaScript SDKs Moderate
GHSA-593m-55hh-j8gv was published for @sentry/browser (npm) Oct 3, 2024
Injection of arbitrary HTML/JavaScript code through the media download URL Moderate
CVE-2024-47617 was published for sulu/sulu (Composer) Oct 3, 2024
Cross-site Scripting via uploaded SVG Moderate
CVE-2024-47618 was published for sulu/sulu (Composer) Oct 3, 2024
Vulnerable juju introspection abstract UNIX domain socket Moderate
CVE-2024-8038 was published for github.com/juju/juju (Go) Oct 3, 2024
hpidcock
Vulnerable juju hook tool abstract UNIX domain socket Moderate
CVE-2024-8037 was published for github.com/juju/juju (Go) Oct 3, 2024
hpidcock phvalguima
PAM module may allow accessing with the credentials of another user High
CVE-2024-9313 was published for github.com/ubuntu/authd (Go) Oct 3, 2024
3v1n0 didrocks
adombeck
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8 Low
GHSA-wpr2-j6gr-pjw9 was published for github.com/opentofu/opentofu (Go) Oct 3, 2024
Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend Moderate
CVE-2024-47762 was published for @backstage/plugin-app-backend (npm) Oct 3, 2024
JUJU_CONTEXT_ID is a predictable authentication secret Moderate
CVE-2024-7558 was published for github.com/juju/juju (Go) Oct 3, 2024
hpidcock lucistanescu
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader High
CVE-2024-47554 was published for commons-io:commons-io (Maven) Oct 3, 2024
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Critical
CVE-2024-47561 was published for org.apache.avro:avro (Maven) Oct 3, 2024
dbrugman
Pomerium service account access token may grant unintended access to databroker API High
CVE-2024-47616 was published for github.com/pomerium/pomerium (Go) Oct 2, 2024
Contao allows admin an account to upload SVG file containing malicious JavaScript Low
CVE-2024-45965 was published for contao/contao (Composer) Oct 2, 2024
October allows an admin account to upload PDF containing malicious JavaScript Low
CVE-2024-45962 was published for october/october (Composer) Oct 2, 2024
Zenario allows authenticated admin users to upload PDF files containing malicious code Low
CVE-2024-45960 was published for tribalsystems/zenario (Composer) Oct 2, 2024
Zenario Cross Site Scripting in the Image library Low
CVE-2024-45964 was published for tribalsystems/zenario (Composer) Oct 2, 2024
Slim Select has potential Cross-site Scripting issue Low
CVE-2024-9440 was published for slim-select (npm) Oct 2, 2024
m3t3kh4n
OpenC3 stores passwords in clear text (`GHSL-2024-129`) Moderate
CVE-2024-47529 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`) High
CVE-2024-46977 was published for openc3 (RubyGems) Oct 2, 2024
p-
ProTip! Advisories are also available from the GraphQL API