Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22 advisories

Loading
Gateway API route matching order contradicts specification Moderate
CVE-2024-42487 was published for github.com/cilium/cilium (Go) Aug 15, 2024
sayboras
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data Moderate
CVE-2024-40767 was published for Nova (pip) Jul 24, 2024
Name confusion in x509 Subject Alternative Name fields High
CVE-2023-52892 was published for phpseclib/phpseclib (Composer) Jun 28, 2024
btcd susceptible to consensus failures Moderate
CVE-2024-34478 was published for github.com/btcsuite/btcd (Go) May 5, 2024
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained Moderate
CVE-2024-29034 was published for carrierwave (RubyGems) Mar 25, 2024
a-zara-n
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions Low
CVE-2024-24754 was published for bref/bref (Composer) Feb 1, 2024
smaury
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2 Moderate
CVE-2024-24753 was published for bref/bref (Composer) Feb 1, 2024
smaury mnapoli
Improper Input Validation in nyholm/psr7 Moderate
GHSA-wjfc-pgfp-pv9c was published for nyholm/psr7 (Composer) Apr 21, 2023
Improper header validation in httpsoft/http-message Moderate
GHSA-9jxr-mwpp-w643 was published for httpsoft/http-message (Composer) Apr 21, 2023
devanych
Improper header name validation in guzzlehttp/psr7 Moderate
CVE-2023-29197 was published for guzzlehttp/psr7 (Composer) Apr 19, 2023
Nyholm TimWolla
GrahamCampbell
Insecure header validation in slim/psr7 Moderate
CVE-2023-30536 was published for slim/psr7 (Composer) Apr 18, 2023
GrahamCampbell akrabat
williamdes
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated Moderate
CVE-2023-30541 was published for @openzeppelin/contracts (npm) Apr 17, 2023
MarkLee131
URI validation failure on SVG parsing. Bypass of CVE-2023-23924 Critical
CVE-2023-24813 was published for dompdf/dompdf (Composer) Feb 7, 2023
Ry0taK
Header injection in TurboGears Critical
CVE-2019-25101 was published for TurboGears (pip) Feb 4, 2023
Apache Shiro Interpretation Conflict vulnerability High
CVE-2023-22602 was published for org.apache.shiro:shiro-root (Maven) Jan 14, 2023
Netty vulnerable to HTTP Response splitting from assigning header value iterator Moderate
CVE-2022-41915 was published for io.netty:netty-codec-http (Maven) Dec 12, 2022
rafalambrozewicz anderruiz
HTTP response splitting in CGI High
CVE-2021-33621 was published for cgi (RubyGems) Nov 19, 2022
meineerde
Broken Authorization in ZITADEL Actions High
CVE-2022-36051 was published for github.com/zitadel/zitadel (Go) Aug 30, 2022
mezdanak
Failed payment recorded has completed in Silverstripe Omnipay Low
CVE-2022-29254 was published for silverstripe/silverstripe-omnipay (Composer) Jun 6, 2022
Ethereum Contains Consensus Flaw During Block Processing Moderate
CVE-2021-39137 was published for github.com/ethereum/go-ethereum (Go) Aug 30, 2021
guidovranken
Misinterpretation of malicious XML input Moderate
CVE-2021-21366 was published for xmldom (npm) Mar 12, 2021
jupenur karfau
brodycj
ProTip! Advisories are also available from the GraphQL API