Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

35 advisories

Loading
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion High
CVE-2024-54149 was published for winter/wn-cms-module (Composer) Dec 9, 2024
bennothommo
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through High
CVE-2024-52595 was published for lxml-html-clean (pip) Nov 19, 2024
JorianWoltjer frenzymadness
Wasmtime doesn't fully sandbox all the Windows device filenames Low
CVE-2024-51745 was published for wasmtime (Rust) Nov 5, 2024
nathaniel-daniel
Ankitects Anki LaTeX Blocklist Bypass vulnerability Low
CVE-2024-32152 was published for anki (pip) Jul 22, 2024
Jayy001
Microsoft Outlook Remote Code Execution Vulnerability High Unreviewed
CVE-2024-30103 was published Jun 11, 2024
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols Moderate
CVE-2024-28246 was published for katex (npm) Mar 25, 2024
7085 edemaine
jupenur
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code Critical
CVE-2023-45133 was published for @babel/traverse (npm) Oct 16, 2023
SteakEnthusiast ashdude1401
nicolo-ribaudo Apetree100122 ebickle
Apache NiFi Insufficient Property Validation vulnerability Moderate
CVE-2023-40037 was published for org.apache.nifi:nifi-dbcp-base (Maven) Aug 19, 2023
SvelteKit vulnerable to Cross-Site Request Forgery High
CVE-2023-29003 was published for @sveltejs/kit (npm) Apr 4, 2023
v1ktor0t benmccann
Conduitry eltigerchino dominikg
Cortex's Alertmanager can expose local files content via specially crafted config Moderate
CVE-2022-23536 was published for github.com/cortexproject/cortex (Go) Dec 19, 2022
aus
Agent-to-controller access control allows reading/writing most content of build directories in Jenkins Critical
CVE-2021-21697 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Incomplete List of Disallowed Inputs in Jenkins Moderate
CVE-2017-2602 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API