Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

99,152 advisories

Loading
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow High
GHSA-xq3c-8gqm-v648 was published for async-graphql (Rust) Jul 29, 2022
nullswan MdotTIM
karimhreda
URL Rewrite vulnerability in multiple zendframework components High
GHSA-f6p5-76fp-m248 was published for zendframework/zend-diactoros (Composer) Apr 28, 2022
autogluon.multimodal vulnerable to unsafe YAML deserialization High
GHSA-6h2x-4gjf-jc5w was published for autogluon.multimodal (pip) Sep 21, 2022
sxjscience
Denial of service in ASP.NET Core High
CVE-2018-8269 was published for Microsoft.AspNetCore.All (NuGet) Oct 16, 2018
leecow
Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue High
GHSA-q2fj-6h62-59m2 was published for io.apiman:apiman-distro-vertx (Maven) Dec 30, 2022
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow High
CVE-2022-40151 was published for com.thoughtworks.xstream:xstream (Maven) Dec 30, 2022
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken High
GHSA-h864-m8vm-3xvj was published for oqs (Rust) Aug 18, 2022
Potential inter-blockchain communication (IBC) protocol compromise via "Dragonberry" vulnerability in cheqd High
GHSA-j92c-mmf7-j5x5 was published for github.com/cheqd/cheqd-node (Go) Oct 18, 2022
PocketMine-MP invalid skin geometry JSON data leading to server crash High
GHSA-8cwq-4cmf-px73 was published for pocketmine/pocketmine-mp (Composer) Aug 18, 2022
Redwood is vulnerable to account takeover via dbAuth "forgot-password" High
GHSA-3qmc-2r76-4rqp was published for @redwoodjs/api (npm) Nov 10, 2022
django-sendfile2 before 0.7.0 contains reflected file download vulnerability High
GHSA-pcjh-6r5h-r92r was published for django-sendfile2 (pip) Aug 11, 2022
moggers87 sergei-maertens
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr High
GHSA-c439-chv8-8g2j was published for os_socketaddr (Rust) Sep 2, 2022
Prometheus vulnerable to basic authentication bypass High
GHSA-4v48-4q5m-8vx4 was published for github.com/prometheus/prometheus (Go) Dec 5, 2022
chunklhit
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users High
CVE-2015-2080 was published for org.eclipse.jetty:jetty-server (Maven) Nov 9, 2018
Keycloak vulnerable to uncontrolled resource consumption High
CVE-2014-3651 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Keycloak vulnerable to infinite loop based Denial of Service High
CVE-2017-2646 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
jackson-dataformat-xml vulnerable to server side request forgery (SSRF) High
CVE-2016-7051 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) Oct 18, 2018
OrientDB-Server vulnerable to Cross-Site Request Forgery High
CVE-2015-2912 was published for com.orientechnologies:orientdb-studio (Maven) Oct 18, 2018
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console High
CVE-2022-2668 was published for org.keycloak:keycloak-parent (Maven) Sep 23, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete High
GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) Sep 23, 2022
Parse Server before v3.4.1 vulnerable to Denial of Service High
CVE-2019-1020012 was published for parse-server (npm) Jun 13, 2019
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library High
GHSA-gmhj-xjfh-cf6m was published for github.com/mohammed90/caddy-ssh (Go) Sep 23, 2022
porcupineyhairs
ckb type_id script resume may randomly fail High
GHSA-mcmr-49x3-4jqm was published for ckb (Rust) Nov 2, 2022
Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022
ProTip! Advisories are also available from the GraphQL API