Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,354
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,553
Pub
12
RubyGems
1,013
Rust
1,204
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,985 advisories

Loading
Liferay Portal and Liferay DXP Does Not Obfuscate Password Reminder Answers Moderate
CVE-2021-29038 was published for com.liferay.commerce:com.liferay.commerce.account.web (Maven) Feb 21, 2024
Cross-site Scripting Vulnerability in Statement Browser Moderate
CVE-2024-26140 was published for com.yetanalytics:lrs (Maven) Feb 21, 2024
cliffcaseyyet Credited to cliffcaseyyet and milt milt milt
ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool` Moderate
GHSA-2557-x9mg-76w8 was published for github.com/cosmos/cosmos-sdk (Go) Feb 21, 2024
KonradStaniec Credited to KonradStaniec, gitferry, SebastianElvis, and vitsalis gitferry gitferry
SebastianElvis SebastianElvis vitsalis vitsalis
ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module Moderate
GHSA-4j93-fm92-rp4m was published for github.com/cosmos/cosmos-sdk (Go) Feb 21, 2024
dongsam Credited to dongsam and sushiwushi sushiwushi sushiwushi
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability High
CVE-2024-26135 was published for meshcentral (npm) Feb 21, 2024
Potential buffer overflow in CBOR2 decoder High
CVE-2024-26134 was published for cbor2 (pip) Feb 21, 2024
miri64 Credited to miri64
Path disclosure in JavaScript variable Moderate
CVE-2024-26129 was published for prestashop/prestashop (Composer) Feb 21, 2024
hugo-fasone Credited to hugo-fasone and matks matks matks
Externally Controlled Format String in Scripting Functions High
GHSA-q3gg-m8hr-h4x4 was published for surrealdb (Rust) Feb 21, 2024
akkie Credited to akkie
Uncaught Exception in Macro Expecting Native Function to Exist Moderate
GHSA-6wr5-jmpr-mjcx was published for surrealdb (Rust) Feb 21, 2024
idofilus Credited to idofilus
Uncaught Exception Handling Parsing Errors on Line Terminators Moderate
GHSA-8xff-473h-f863 was published for surrealdb (Rust) Feb 21, 2024
Cheyenne1025 Credited to Cheyenne1025
Unencrypted traffic between pods when using Wireguard and an external kvstore Moderate
CVE-2024-25631 was published for github.com/cilium/cilium (Go) Feb 20, 2024
gandro Credited to gandro and giorio94 giorio94 giorio94
Unencrypted ingress/health traffic when using Wireguard transparent encryption Moderate
CVE-2024-25630 was published for github.com/cilium/cilium (Go) Feb 20, 2024
gandro Credited to gandro and giorio94 giorio94 giorio94
Pimcore Host Header Injection in user invitation link High
CVE-2024-25625 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 20, 2024
oussama-rahali Credited to oussama-rahali
MantisBT Host Header Injection vulnerability High
CVE-2024-23830 was published for mantisbt/mantisbt (Composer) Feb 20, 2024
dregad Credited to dregad, Kerkroups, shaozi, plmaltais, and atrol Kerkroups Kerkroups
shaozi shaozi plmaltais plmaltais atrol atrol
Cross-site scripting (XSS) in the dynamic file uploads Moderate
CVE-2023-51447 was published for decidim (RubyGems) Feb 20, 2024
ctrgrb Credited to ctrgrb and ahukkanen ahukkanen ahukkanen
Improper Certificate Validation in apache airflow mongo hook Critical
CVE-2024-25141 was published for apache-airflow-providers-mongo (pip) Feb 20, 2024
Possibility to circumvent the invitation token expiry period Moderate
CVE-2023-48220 was published for decidim (RubyGems) Feb 20, 2024
ahukkanen Credited to ahukkanen and ctrgrb ctrgrb ctrgrb
Possible CSRF attack at questionnaire templates preview Moderate
CVE-2023-47635 was published for decidim-templates (RubyGems) Feb 20, 2024
Race condition in Endorsements Low
CVE-2023-47634 was published for decidim (RubyGems) Feb 20, 2024
microstudi Credited to microstudi, alecslupu, and andreslucena alecslupu alecslupu
andreslucena andreslucena
Deserialization of Untrusted Data in Apache Camel SQL High
CVE-2024-22369 was published for org.apache.camel:camel-sql (Maven) Feb 20, 2024
oscerd Credited to oscerd
Deserialization of Untrusted Data in Apache Camel CassandraQL High
CVE-2024-23114 was published for org.apache.camel:camel-cassandraql (Maven) Feb 20, 2024
oscerd Credited to oscerd
Liferay Portal and Liferay DXP vulnerable to theft of hashed password Moderate
CVE-2024-26270 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP User Enumeration Vulnerability Moderate
CVE-2024-26268 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Portal vulnerable to Denial of Service Moderate
CVE-2024-26265 was published for com.liferay.portal:release.portal.bom (Maven) Feb 20, 2024
Liferay Portal has a Stored XSS with Blog entries (Insecure defaults) Critical
CVE-2024-25610 was published for com.liferay.portal:com.liferay.portal.web (Maven) Feb 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database