Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

83 advisories

Loading
Express ressource injection Moderate
CVE-2024-10491 was published for express (npm) Oct 29, 2024
axi92 rtmcmill2009
Twisted CRLF Injection Moderate
CVE-2019-12387 was published for twisted (pip) Jun 10, 2019
vault-cli contains possible RCE when reading user-defined data Moderate
CVE-2021-43837 was published for vault-cli (pip) Dec 16, 2021
ewjoachim
CRLF injection in urllib3 Moderate
CVE-2020-26137 was published for urllib3 (pip) Jun 18, 2021
Woodpecker's custom environment variables allow to alter execution flow of plugins Moderate
CVE-2024-41122 was published for go.woodpecker-ci.org/woodpecker (Go) Jul 19, 2024
Moodle vulnerable to cache poisoning via injection into storage Moderate
CVE-2024-43428 was published for moodle/moodle (Composer) Nov 7, 2024
Symfony allows changing the environment through a query Moderate
CVE-2024-50340 was published for symfony/runtime (Composer) Nov 6, 2024
wouterj
SQLFluff users with access to config file, using `libary_path` may call arbitrary python code Moderate
CVE-2023-36830 was published for sqlfluff (pip) Jul 6, 2023
Remote Code Execution in Red Discord Bot Moderate
CVE-2020-15140 was published for Red-DiscordBot (pip) Aug 21, 2020
douglascdev
Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice Moderate
CVE-2024-48927 was published for Umbraco.Cms (NuGet) Oct 22, 2024
Radicale regex metacharacters injection in the user name Moderate
CVE-2015-8748 was published for Radicale (pip) May 17, 2022
Apache Spark vulnerable to Log Injection Moderate
CVE-2022-31777 was published for org.apache.spark:spark-core (Maven) Nov 1, 2022
kurt-r2c
CRLF Injection in pypiserver Moderate
CVE-2019-6802 was published for pypiserver (pip) Jan 30, 2019
tdunlap607
OctoPrint vulnerable to Special Element Injection Moderate
CVE-2022-3607 was published for OctoPrint (pip) Oct 19, 2022
CRLF Injection in RestSharp's `RestRequest.AddHeader` method Moderate
CVE-2024-45302 was published for RestSharp (NuGet) Aug 29, 2024
sofiaml Static-Flow
HTML injection in email and account expiry notifications Moderate
CVE-2021-21333 was published for matrix-synapse (pip) Mar 26, 2021
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through Moderate
CVE-2021-43818 was published for lxml (pip) Dec 13, 2021
pwntester
Contao affected by insert tag injection via canonical URL Moderate
CVE-2024-45612 was published for contao/core-bundle (Composer) Sep 17, 2024
aschempp
Invenio-App vulnerable to host header injection attack Moderate
CVE-2019-1020006 was published for invenio-app (pip) Jul 16, 2019
D-Tale Command Execution Vulnerability Moderate
CVE-2024-8862 was published for dtale (pip) Sep 16, 2024
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder Moderate
CVE-2024-45595 was published for dtale (pip) Sep 10, 2024
AfterSnows
Apache Airflow Potential Cross-site Scripting Vulnerability Moderate
CVE-2024-39863 was published for apache-airflow (pip) Jul 17, 2024
ZendFramework potential remote code execution in zend-mail via Sendmail adapter Moderate
GHSA-gff2-p6vm-3p8g was published for zendframework/zendframework (Composer) Jun 7, 2024
ZendFramework Potential Proxy Injection Vulnerabilities Moderate
GHSA-mg7h-9qfx-4r83 was published for zendframework/zendframework (Composer) Jun 7, 2024
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3 Moderate
CVE-2021-21303 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
ProTip! Advisories are also available from the GraphQL API