Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

16,199 advisories

aiohttp is vulnerable to directory traversal Moderate
CVE-2024-23334 was published for aiohttp (pip) Jan 29, 2024
lcttty solarpeng502
Authentik vulnerable to PKCE downgrade attack Moderate
CVE-2024-23647 was published for goauthentik.io (Go) Jan 29, 2024
pieterphilippaerts
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF High
CVE-2024-23828 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024
Elleuch-x1
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature Critical
CVE-2024-23827 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024
Elleuch-x1
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators Low
CVE-2024-23829 was published for aiohttp (pip) Jan 29, 2024
pajod
MeshCentral algorithm-downgrade issue Moderate
CVE-2023-51842 was published for meshcentral (npm) Jan 29, 2024
Apache Kylin has Insufficiently Protected Credentials Moderate
CVE-2023-29055 was published for org.apache.kylin:kylin-core-common (Maven) Jan 29, 2024
OpenFGA denial of service Moderate
CVE-2024-23820 was published for github.com/openfga/openfga (Go) Jan 26, 2024
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers High
CVE-2024-23656 was published for github.com/dexidp/dex (Go) Jan 26, 2024
tuminoid
Arbitrary Code Execution in Processwire Critical
CVE-2023-24676 was published for processwire/processwire (Composer) Jan 24, 2024
Any authenticated user may obtain private message details from other users on the same instance High
CVE-2024-23649 was published for lemmy_server (Rust) Jan 24, 2024
Nothing4You
Host header injection in the password reset High
CVE-2024-23648 was published for pimcore/admin-ui-classic-bundle (Composer) Jan 24, 2024
Mathisca
SQL Injection in Admin download files as zip High
CVE-2024-23646 was published for pimcore/admin-ui-classic-bundle (Composer) Jan 24, 2024
wkania
Unauthenticated Nonce Increment in snow Moderate
GHSA-7g9j-g5jg-3vv3 was published for snow (Rust) Jan 24, 2024
Shared projects are unconditionally discovered by Jenkins GitLab Branch Source Plugin Moderate
CVE-2024-23901 was published for io.jenkins.plugins:gitlab-branch-source (Maven) Jan 24, 2024
Path traversal vulnerability in Jenkins Matrix Project Plugin Moderate
CVE-2024-23900 was published for org.jenkins-ci.plugins:matrix-project (Maven) Jan 24, 2024
Arbitrary file read vulnerability in Git server Plugin can lead to RCE High
CVE-2024-23899 was published for org.jenkins-ci.plugins:git-server (Maven) Jan 24, 2024
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin Low
CVE-2024-23903 was published for io.jenkins.plugins:gitlab-branch-source (Maven) Jan 24, 2024
CSRF vulnerability in Jenkins GitLab Branch Source Plugin Moderate
CVE-2024-23902 was published for io.jenkins.plugins:gitlab-branch-source (Maven) Jan 24, 2024
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI High
CVE-2024-23898 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin High
CVE-2024-23905 was published for io.jenkins.plugins:redhat-dependency-analytics (Maven) Jan 24, 2024
Arbitrary file read vulnerability in Jenkins Log Command Plugin High
CVE-2024-23904 was published for org.jenkins-ci.plugins:log-command (Maven) Jan 24, 2024
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE Critical
CVE-2024-23897 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
ProTip! Advisories are also available from the GraphQL API