Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9,023 advisories

Loading
Kanister vulnerable to cluster-level privilege escalation Moderate
CVE-2024-43403 was published for github.com/kanisterio/kanister (Go) Aug 20, 2024
younaman hairyhum
Man-in-the-Middle (MitM) Moderate
CVE-2014-5277 was published for github.com/docker/docker (Go) Feb 15, 2022
Sentry improper error handling leaks Application Integration Client Secret Moderate
CVE-2024-53253 was published for sentry (pip) Nov 22, 2024
Improper Input Validation vulnerability in Apache Hop Engine Moderate
CVE-2024-24683 was published for org.apache.hop:hop (Maven) Mar 19, 2024
cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs Moderate
GHSA-r4pg-vg54-wxx4 was published for github.com/cert-manager/cert-manager (Go) Nov 20, 2024
Password Pusher rate limiter can be bypassed by forging proxy headers Moderate
CVE-2024-52796 was published for pwpush (RubyGems) Nov 20, 2024
Rancher Helm Applications may have sensitive values leaked Moderate
CVE-2024-52282 was published for github.com/rancher/rancher (Go) Nov 20, 2024
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls Moderate
CVE-2024-24567 was published for vyper (pip) Jan 30, 2024
cyberthirst pcaversaccio
kuroi8 0xdeadbeef0x
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables Moderate
GHSA-pqhp-25j4-6hq9 was published for smol-toml (npm) Nov 22, 2024
TheKodeToad
Vyper has incorrect re-entrancy lock when key is empty string Moderate
CVE-2023-42441 was published for vyper (pip) Sep 18, 2023
trocher
transformers has Insecure Temporary File Moderate
CVE-2023-2800 was published for transformers (pip) May 18, 2023
sfblackl-intel
Zope Denial of Service (DoS) vulnerability in ZServer Moderate
CVE-2010-3198 was published for Zope (pip) May 17, 2022
Boolector use after free Moderate
CVE-2019-7560 was published for pyboolector (pip) May 14, 2022
libpg_query memory leak Moderate
CVE-2018-18482 was published for pg-query (pip) May 13, 2022
PaddlePaddle nullptr dereference in paddle.crop Moderate
CVE-2023-52312 was published for PaddlePaddle (pip) Jan 3, 2024
Mayan EDMS DMS XSS vulnerability Moderate
CVE-2022-47419 was published for mayan-edms (pip) Feb 8, 2023
Mayan EDMS multiple cross-site scripting (XSS) vulnerabilities Moderate
CVE-2014-3840 was published for mayan-edms (pip) May 17, 2022
Ipsilon denial of service via a duplicate SP name Moderate
CVE-2015-5217 was published for ipsilon (pip) May 17, 2022
Ipsilon denial of service by deleting a SAML2 Service Provider (SP) Moderate
CVE-2015-5301 was published for ipsilon (pip) May 17, 2022
safeurl-python contains Server-Side Request Forgery Moderate
CVE-2023-24622 was published for safeurl-python (pip) Jan 27, 2023
whoissecure
OpenStack Glance logs user name and password in cleartext Moderate
CVE-2013-0212 was published for glance (pip) May 5, 2022
Missing rate limit on rdiffweb Moderate
CVE-2022-3456 was published for rdiffweb (pip) Oct 14, 2022
rdiffweb vulnerable to Open Redirect Moderate
CVE-2022-3438 was published for rdiffweb (pip) Oct 10, 2022
rdiffweb allows a new password to be the same as the previous password Moderate
CVE-2022-3376 was published for rdiffweb (pip) Oct 6, 2022
Libextractor multiple heap-based buffer overflows Moderate
CVE-2006-2458 was published for extractor (pip) May 1, 2022
ProTip! Advisories are also available from the GraphQL API