GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
27,945 advisories
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate
CVE-2024-24595
was published
for
clearml
(pip)
Feb 6, 2024
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
Moderate
CVE-2024-24808
was published
for
pyload-ng
(pip)
Feb 5, 2024
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
Moderate
GHSA-xc9x-jj77-9p9j
was published
for
nokogiri
(RubyGems)
Feb 5, 2024
phpMyFAQ vulnerable to stored XSS on attachments filename
Moderate
CVE-2024-24574
was published
for
phpmyfaq/phpmyfaq
(Composer)
Feb 5, 2024
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
Moderate
CVE-2024-22208
was published
for
phpmyfaq/phpmyfaq
(Composer)
Feb 5, 2024
phpMyFAQ User Removal Page Allows Spoofing Of User Details
Moderate
CVE-2024-22202
was published
for
phpmyfaq/phpmyfaq
(Composer)
Feb 5, 2024
1Panel set-cookie is missing the Secure keyword
Low
CVE-2024-24768
was published
for
github.com/1Panel-dev/1Panel
(Go)
Feb 5, 2024
Duplicate Advisory: FastAPI Content-Type Header ReDoS
High
GHSA-qf9m-vfgh-m389
was published
for
fastapi
(pip)
Feb 5, 2024
•
withdrawn
Duplicate Advisory: Starlette Content-Type Header ReDoS
High
GHSA-93gm-qmq6-w238
was published
for
starlette
(pip)
Feb 5, 2024
•
withdrawn
.NET Information Disclosure Vulnerability
Moderate
CVE-2022-34716
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Feb 3, 2024
Zmarkdown Server-Side Request Forgery (SSRF) in remark-download-images
Moderate
GHSA-mf74-qq7w-6j7v
was published
for
remark-images-download
(npm)
Feb 3, 2024
ProTip!
Advisories are also available from the
GraphQL API