GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
27,998 advisories
Pimcore Preview Documents are not restricted to logged in users anymore
Moderate
CVE-2024-29197
was published
for
pimcore/pimcore
(Composer)
Mar 26, 2024
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
Moderate
CVE-2024-1455
was published
for
langchain-core
(pip)
Mar 26, 2024
Unauthenticated views may expose information to anonymous users
Low
CVE-2024-29199
was published
for
nautobot
(pip)
Mar 26, 2024
phpMyFAQ stored Cross-site Scripting at user email
Moderate
CVE-2024-27300
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
High
CVE-2024-28105
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
phpMyFAQ Stored Cross-site Scripting at FAQ News Content
Moderate
CVE-2024-28106
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
phpMyFAQ SQL injections at insertentry & saveentry
High
CVE-2024-28107
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
phpMyFAQ Stored HTML Injection at contentLink
Moderate
CVE-2024-28108
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
phpMyFAQ Stored Cross-site Scripting at File Attachments
Moderate
CVE-2024-29179
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
phpMyFAQ SQL Injection at "Save News"
High
CVE-2024-27299
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
WiX based installers are vulnerable to binary hijack when run as SYSTEM
High
CVE-2024-29187
was published
for
WixToolset.Sdk
(NuGet)
Mar 25, 2024
WP Crontrol vulnerable to possible RCE when combined with a pre-condition
High
CVE-2024-28850
was published
for
johnbillion/wp-crontrol
(Composer)
Mar 25, 2024
Netty's HttpPostRequestDecoder can OOM
Moderate
CVE-2024-29025
was published
for
io.netty:netty-codec-http
(Maven)
Mar 25, 2024
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
Moderate
CVE-2024-29034
was published
for
carrierwave
(RubyGems)
Mar 25, 2024
ProTip!
Advisories are also available from the
GraphQL API