GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
Beetl Server-Side Template Injection vulnerability
Critical
CVE-2024-22533
was published
for
com.ibeetl:beetl-core
(Maven)
Feb 2, 2024
OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection
Critical
CVE-2017-11467
was published
for
com.orientechnologies:orientdb-core
(Maven)
Oct 18, 2018
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Low
CVE-2024-26142
was published
for
actionpack
(RubyGems)
Feb 27, 2024
MLflow authentication requirement bypass can allow a user to arbitrarily create an account
Critical
CVE-2023-6014
was published
for
mlflow
(pip)
Nov 16, 2023
Rails has possible XSS Vulnerability in Action Controller
Moderate
CVE-2024-26143
was published
for
actionpack
(RubyGems)
Feb 27, 2024
Moby Docker cp broken with debian containers
Critical
CVE-2019-14271
was published
for
github.com/docker/docker
(Go)
May 24, 2022
Spring Framework URL Parsing with Host Validation Vulnerability
High
CVE-2024-22259
was published
for
org.springframework:spring-web
(Maven)
Mar 16, 2024
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
High
CVE-2024-22243
was published
for
org.springframework:spring-web
(Maven)
Feb 23, 2024
Apache Struts vulnerable to path traversal
Critical
CVE-2023-50164
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 7, 2023
Rails has possible Sensitive Session Information Leak in Active Storage
Moderate
CVE-2024-26144
was published
for
activestorage
(RubyGems)
Feb 27, 2024
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
Moderate
GHSA-xc9x-jj77-9p9j
was published
for
nokogiri
(RubyGems)
Feb 5, 2024
ProTip!
Advisories are also available from the
GraphQL API