Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

280 advisories

Loading
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console Low
CVE-2024-5967 was published for org.keycloak:keycloak-ldap-federation (Maven) Jun 21, 2024
MarkLee131
Regular expression denial-of-service in Django Moderate
CVE-2024-27351 was published for django (pip) Mar 15, 2024
MarkLee131
SQL injection vulnerability in Meshery Critical
CVE-2023-46575 was published for github.com/layer5io/meshery (Go) Nov 24, 2023
MarkLee131
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files Low
CVE-2023-43123 was published for org.apache.storm:storm-core (Maven) Nov 23, 2023
MarkLee131
Exposure of Sensitive Information in Elastic APM .NET Agent Low
CVE-2021-22143 was published for Elastic.Apm (NuGet) Nov 22, 2023
MarkLee131
Cross-site Scripting in OpenCRX Moderate
CVE-2023-40813 was published for org.opencrx:opencrx-core-models (Maven) Nov 18, 2023
MarkLee131
MLflow authentication requirement bypass can allow a user to arbitrarily create an account Critical
CVE-2023-6014 was published for mlflow (pip) Nov 16, 2023
MarkLee131 yoshizawa-masatoshi
NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability Moderate
CVE-2023-45884 was published for openmct (npm) Nov 9, 2023
MarkLee131
NASA Open MCT Cross Site Scripting vulnerability Moderate
CVE-2023-45885 was published for openmct (npm) Nov 9, 2023
MarkLee131
Mattermost password hash disclosure vulnerability Moderate
CVE-2023-5968 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 6, 2023
MarkLee131
Mattermost vulnerable to excessive memory consumption Moderate
CVE-2023-5969 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 6, 2023
MarkLee131
ConcreteCMS Cross-site Scripting vulnerability Moderate
CVE-2023-44761 was published for concrete5/concrete5 (Composer) Oct 6, 2023
MarkLee131
ConcreteCMS Cross-site Scripting vulnerability Moderate
CVE-2023-44765 was published for concrete5/concrete5 (Composer) Oct 6, 2023
MarkLee131
SQL injection in jeecgboot Critical
CVE-2023-40989 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Sep 22, 2023
MarkLee131
RaspAP Command Injection vulnerability High
CVE-2022-39987 was published for billz/raspap-webgui (Composer) Aug 1, 2023
MarkLee131
RaspAP Command Injection vulnerability Critical
CVE-2022-39986 was published for billz/raspap-webgui (Composer) Aug 1, 2023
MarkLee131
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning Moderate
CVE-2023-34234 was published for @openzeppelin/contracts (npm) Jun 8, 2023
MarkLee131
n8n Privilege Escalation vulnerability High
CVE-2023-27563 was published for n8n (npm) May 10, 2023
MarkLee131
n8n Directory Traversal vulnerability Moderate
CVE-2023-27562 was published for n8n (npm) May 10, 2023
MarkLee131
n8n Information Disclosure vulnerability High
CVE-2023-27564 was published for n8n (npm) May 10, 2023
MarkLee131
Stored cross site scripting on API integration Moderate
CVE-2023-28477 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names Low
CVE-2023-28819 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Concrete CMS missing secure cookie parameters Moderate
CVE-2023-28472 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section Critical
CVE-2023-28473 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Reflected cross site scripting Moderate
CVE-2023-28475 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
ProTip! Advisories are also available from the GraphQL API