Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

42 advisories

Loading
Mellium allows Authentication Bypass by Spoofing Critical
CVE-2024-46957 was published for mellium.im/xmpp (Go) Sep 25, 2024
CoreDNS Cache Poisoning via a birthday attack Moderate
CVE-2023-30464 was published for github.com/coredns/coredns (Go) Sep 18, 2024
Apache SeaTunnel Web Authentication vulnerability High
CVE-2023-48396 was published for org.apache.seatunnel:seatunnel-web (Maven) Jul 30, 2024
Grafana Escalation from admin to server admin when auth proxy is used High
CVE-2022-35957 was published for github.com/grafana/grafana (Go) May 14, 2024
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled High
CVE-2024-32977 was published for OctoPrint (pip) May 14, 2024
jacopotediosi
Jenkins Script Security Plugin sandbox bypass vulnerability High
CVE-2024-34145 was published for org.jenkins-ci.plugins:script-security (Maven) May 2, 2024
Apache HugeGraph-Server: Bypass whitelist in Auth mode High
CVE-2024-27349 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Apache Zeppelin: Replacing other users notebook, bypassing any permissions Moderate
CVE-2024-31863 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Ollama DNS rebinding vulnerability High
CVE-2024-28224 was published for github.com/ollama/ollama (Go) Apr 8, 2024
SMTP smuggling in Apache James High
CVE-2023-51747 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security Moderate
CVE-2024-21494 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Header spoofing in caddy-geo-ip Moderate
CVE-2023-50463 was published for github.com/shift72/caddy-geo-ip (Go) Dec 11, 2023
pretix potential IP address spoofing vulnerability Moderate
CVE-2023-44463 was published for pretix (pip) Oct 2, 2023
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes Low
CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven) Sep 8, 2023
W0rty numacanedo
tomakehurst Mahoney oleg-nenashev
Grafana vulnerable to Authentication Bypass by Spoofing Critical
CVE-2023-3128 was published for github.com/grafana/grafana (Go) Jun 22, 2023
passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token High
CVE-2017-16897 was published for passport-wsfed-saml2 (npm) Jun 21, 2023
Parse Server option `masterKeyIps` vulnerability to IP spoofing High
CVE-2023-22474 was published for parse-server (npm) Jan 31, 2023
dblythy
python-jwt vulnerable to token forgery with new claims Critical
CVE-2022-39227 was published for python-jwt (pip) Sep 21, 2022
TomTervoort
Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password Moderate
CVE-2022-2368 was published for microweber/microweber (Composer) Jul 12, 2022
Argo CD will blindly trust JWT claims if anonymous access is enabled Critical
CVE-2022-29165 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
Django WSGI Header Spoofing Vulnerability Moderate
CVE-2015-0219 was published for Django (pip) May 17, 2022
Electron vulnerable to URL spoofing via PDFium Moderate
CVE-2017-1000424 was published for Electron (npm) May 13, 2022
jhutchings1
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding High
CVE-2018-7160 was published for node-inspector (npm) May 13, 2022 withdrawn
NextAuth.js default redirect callback vulnerable to open redirects Moderate
CVE-2022-24858 was published for next-auth (npm) Apr 22, 2022
rustyguts
ProTip! Advisories are also available from the GraphQL API