GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
28,408 advisories
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
Moderate
CVE-2024-45772
was published
for
org.apache.lucene:lucene-replicator
(Maven)
Sep 30, 2024
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Moderate
CVE-2024-47186
was published
for
filament/infolists
(Composer)
Sep 27, 2024
ReLaXed Cross-site Scripting vulnerability
Low
CVE-2024-9283
was published
for
relaxedjs
(npm)
Sep 27, 2024
Inefficient Regular Expression Complexity in langflow
Moderate
CVE-2024-9277
was published
for
langflow
(pip)
Sep 27, 2024
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
High
CVE-2024-7594
was published
for
github.com/hashicorp/vault
(Go)
Sep 26, 2024
Agnai vulnerable to Relative Path Traversal in Image Upload
Low
CVE-2024-47171
was published
for
agnai
(npm)
Sep 26, 2024
Agnai File Disclosure Vulnerability: JSON via Path Traversal
Low
CVE-2024-47170
was published
for
agnai
(npm)
Sep 26, 2024
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Critical
CVE-2024-47169
was published
for
agnai
(npm)
Sep 26, 2024
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting
Moderate
CVE-2024-47075
was published
for
layui
(npm)
Sep 26, 2024
IDOR vulnerability in account profile page
Moderate
CVE-2024-39319
was published
for
aimeos/ai-controller-frontend
(Composer)
Sep 26, 2024
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
Moderate
CVE-2024-47003
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Sep 26, 2024
Gradio allows users to access arbitrary files
Critical
CVE-2024-1728
was published
for
gradio
(pip)
Sep 25, 2024
Cross-Site Request Forgery (CSRF) in strawberry-graphql
Moderate
CVE-2024-47082
was published
for
strawberry-graphql
(pip)
Sep 25, 2024
ProTip!
Advisories are also available from the
GraphQL API