Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23 advisories

Loading
Electron webPreferences vulnerability can be used to perform remote code execution High
CVE-2018-15685 was published for electron (npm) Aug 23, 2018
Insecure Default Initialization of Resource in Pivotal Spring Web Flow Moderate
CVE-2017-4971 was published for org.springframework.webflow:spring-webflow (Maven) May 13, 2022
Insecure Default Initialization of Resource in Pivotal Spring Web Flow Moderate
CVE-2017-8039 was published for org.springframework.webflow:spring-webflow (Maven) May 13, 2022
WildFly vulnerable to Insecure Default Initialization of Resource High
CVE-2022-1278 was published for org.wildfly.bom:wildfly (Maven) Sep 14, 2022
Arbitrary Code Execution in grunt High
CVE-2020-7729 was published for grunt (npm) May 6, 2021
Insecure defaults in UmbracoForms High
CVE-2020-7685 was published for UmbracoForms (NuGet) Jul 29, 2020
OpenStack Nova uses insecure keystone middleware tmpdir by default Moderate
CVE-2013-2030 was published for python-keystoneclient (pip) May 17, 2022
User data exposure in Apache InLong Moderate
CVE-2023-31101 was published for org.apache.inlong:manager-dao (Maven) May 22, 2023
MTProto proxy remote code execution vulnerability High
CVE-2023-45312 was published for mtproto_proxy (Erlang) Oct 10, 2023
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource Low
CVE-2023-3485 was published for go.temporal.io/server (Go) Jun 30, 2023
Insecure Default Initialization In Liferay Portal Moderate
CVE-2023-33949 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Default swagger-ui configuration exposes all files in the module Moderate
CVE-2024-22207 was published for @fastify/swagger-ui (npm) Jan 16, 2024
knolleary
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins Critical
CVE-2018-8014 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
ASA-2024-004: Default configuration param for Evidence may limit window of validity Low
GHSA-555p-m4v6-cqxv was published for github.com/cometbft/cometbft (Go) Feb 28, 2024
Apache superset missing check for default SECRET_KEY High
CVE-2023-27524 was published for apache-superset (pip) Apr 24, 2023
Insecure deserialization in BentoML Critical
CVE-2024-2912 was published for bentoml (pip) Apr 16, 2024
Apache ActiveMQ's default configuration doesn't secure the API web context High
CVE-2024-32114 was published for org.apache.activemq:apache-activemq (Maven) May 2, 2024
vodozemac has degraded secret zeroization capabilities Low
CVE-2024-34063 was published for vodozemac (Rust) May 3, 2024
Apache Isis webconsole module may directly query the database in prototype mode Moderate
CVE-2022-42467 was published for org.apache.isis.core:isis-core (Maven) Oct 19, 2022
Argo CD Insecure default administrative password High
CVE-2020-8828 was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
Insecure Default Initialization of Resource vulnerability in Apache Solr High
CVE-2024-45217 was published for org.apache.solr:solr (Maven) Oct 16, 2024
Filament has exported files stored in default (`public`) filesystem if not reconfigured Low
CVE-2024-51758 was published for filament/actions (Composer) Nov 7, 2024
danharrin catferq
ProTip! Advisories are also available from the GraphQL API