GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
20,763 advisories
hull.js Code Injection Vulnerability
Critical
GHSA-q849-wxrc-vqrp
was published
for
hull.js
(npm)
Dec 2, 2024
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Critical
CVE-2024-53990
was published
for
org.asynchttpclient:async-http-client
(Maven)
Dec 2, 2024
Netty vulnerability included in redis lettuce
Moderate
GHSA-q4h9-7rxj-7gx2
was published
for
io.lettuce:lettuce-core
(Maven)
Dec 2, 2024
SimpleSAMLphp vulnerable to XXE in parsing SAML messages
High
GHSA-j5g2-q29x-cw3h
was published
for
simplesamlphp/simplesamlphp
(Composer)
Dec 2, 2024
Python package "zhmcclient" stores passwords in clear text in its HMC and API logs
Moderate
CVE-2024-53865
was published
for
zhmcclient
(pip)
Dec 2, 2024
PyJWT Issuer field partial matches allowed
Low
CVE-2024-53861
was published
for
PyJWT
(pip)
Dec 2, 2024
check-jsonschema default caching for remote schemas allows for cache confusion
Moderate
CVE-2024-53848
was published
for
check-jsonschema
(pip)
Dec 2, 2024
@intlify/shared Prototype Pollution vulnerability
Moderate
CVE-2024-52810
was published
for
@intlify/shared
(npm)
Dec 2, 2024
vue-i18n has cross-site scripting vulnerability with prototype pollution
Moderate
CVE-2024-52809
was published
for
@intlify/core
(npm)
Dec 2, 2024
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
Moderate
CVE-2024-52806
was published
for
simplesamlphp/saml2
(Composer)
Dec 2, 2024
sftpgo vulnerable to brute force takeover of OpenID Connect session cookies
Moderate
CVE-2024-52801
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Dec 2, 2024
SimpleSAMLphp xml-common XXE vulnerability
High
CVE-2024-52596
was published
for
simplesamlphp/saml2
(Composer)
Dec 2, 2024
Traefik's X-Forwarded-Prefix Header still allows for Open Redirect
Moderate
CVE-2024-52003
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 2, 2024
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
Moderate
CVE-2024-53858
was published
for
github.com/cli/cli/v2
(Go)
Nov 27, 2024
ProTip!
Advisories are also available from the
GraphQL API