Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

34 advisories

Loading
Sprockets path traversal leads to information leak High
CVE-2018-3760 was published for sprockets (RubyGems) Jun 20, 2018
kurt-r2c
Denial of Service in https-proxy-agent Critical
CVE-2018-3739 was published for https-proxy-agent (npm) Jul 27, 2018
kurt-r2c
Duplicate Advisory: Prototype Pollution in jquery Moderate
CVE-2019-5428 was published for jquery (RubyGems) Apr 23, 2019 withdrawn
kurt-r2c
Improper Input Validation in simple_form Critical
CVE-2019-16676 was published for simple_form (RubyGems) Sep 30, 2019
kurt-r2c
ReDOS vulnerabities: multiple grammars Moderate
GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm) Dec 4, 2020
RunDevelopment erik-krogh
kurt-r2c
Prototype Pollution in object-path High
CVE-2021-3805 was published for object-path (npm) Sep 20, 2021
kurt-r2c
Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader High
CVE-2020-28472 was published for @aws-sdk/shared-ini-file-loader (npm) Nov 16, 2021
kurt-r2c
URL parsing in node-forge could lead to undesired behavior. Low
GHSA-gf8q-jrpm-jvxq was published for node-forge (npm) Jan 8, 2022
kurt-r2c
node-fetch forwards secure headers to untrusted sites High
CVE-2022-0235 was published for node-fetch (npm) Jan 21, 2022
kurt-r2c
Incorrect Authorization in Apache Solr Critical
CVE-2020-13957 was published for org.apache.solr:solr-parent (Maven) Feb 10, 2022
kurt-r2c
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect High
CVE-2022-24794 was published for express-openid-connect (npm) Mar 31, 2022
jviding kurt-r2c
Improper Privilege Management in Mattermost Moderate
CVE-2022-1332 was published for github.com/mattermost/mattermost-server/v5 (Go) Apr 14, 2022
kurt-r2c
YARP Denial of Service Vulnerability High
CVE-2022-26924 was published for Yarp.ReverseProxy (NuGet) Apr 22, 2022
kurt-r2c
Improper Input Validation in GeoServer High
CVE-2022-24847 was published for org.geoserver:gs-main (Maven) Apr 22, 2022
kurt-r2c
Insufficient type validation in pocketmine/pocketmine-mp High
GHSA-g5rr-p69h-7v3g was published for pocketmine/pocketmine-mp (Composer) Apr 22, 2022
kurt-r2c
OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser High
CVE-2022-29546 was published for net.sourceforge.htmlunit:neko-htmlunit (Maven) Apr 26, 2022
kurt-r2c
Keycloak vulnerable to privilege escalation on Token Exchange feature Critical
CVE-2022-1245 was published for org.keycloak:keycloak-services (Maven) Apr 26, 2022
knutz3n kurt-r2c
Keycloak is vulnerable to IDN homograph attack Low
GHSA-mwm4-5qwr-g9pf was published for org.keycloak:keycloak-services (Maven) Apr 28, 2022
klausenbusk kurt-r2c
Arbitrary filesystem write access from velocity. High
CVE-2022-24897 was published for org.xwiki.commons:xwiki-commons-velocity (Maven) Apr 28, 2022
kurt-r2c
Improper path handling in kustomization files allows path traversal Critical
CVE-2022-24877 was published for github.com/fluxcd/flux2 (Go) May 4, 2022
hiddeco kurt-r2c
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter High
CVE-2022-24901 was published for parse-server (npm) May 4, 2022
yoshmidev kurt-r2c
Improper handling of multiline messages in node-irc High
GHSA-52rh-5rpj-c3w6 was published for matrix-org-irc (npm) May 5, 2022
kurt-r2c
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2017-5647 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
kurt-r2c sunSUNQ
r3kumar
Improper Neutralization of Special Elements used in a Command in Shell-quote Critical
CVE-2021-42740 was published for shell-quote (npm) May 24, 2022
MyTrueWallet kurt-r2c
jwilk
Possible shell escape sequence injection vulnerability in Rack Critical
CVE-2022-30123 was published for rack (RubyGems) May 27, 2022
kurt-r2c
ProTip! Advisories are also available from the GraphQL API