Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

59 advisories

Loading
Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed
CVE-2021-28474 was published May 24, 2022
Ethereum Contains Consensus Flaw During Block Processing Moderate
CVE-2021-39137 was published for github.com/ethereum/go-ethereum (Go) Aug 30, 2021
guidovranken
Apache Shiro Interpretation Conflict vulnerability High
CVE-2023-22602 was published for org.apache.shiro:shiro-root (Maven) Jan 14, 2023
Header injection in TurboGears Critical
CVE-2019-25101 was published for TurboGears (pip) Feb 4, 2023
Insecure header validation in slim/psr7 Moderate
CVE-2023-30536 was published for slim/psr7 (Composer) Apr 18, 2023
GrahamCampbell akrabat
williamdes
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated Moderate
CVE-2023-30541 was published for @openzeppelin/contracts (npm) Apr 17, 2023
MarkLee131
Improper header name validation in guzzlehttp/psr7 Moderate
CVE-2023-29197 was published for guzzlehttp/psr7 (Composer) Apr 19, 2023
Nyholm TimWolla
GrahamCampbell
HTTP response splitting in CGI High
CVE-2021-33621 was published for cgi (RubyGems) Nov 19, 2022
meineerde
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or... Moderate Unreviewed
CVE-2023-48256 was published Jan 10, 2024
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2 Moderate
CVE-2024-24753 was published for bref/bref (Composer) Feb 1, 2024
smaury mnapoli
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions Low
CVE-2024-24754 was published for bref/bref (Composer) Feb 1, 2024
smaury
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained Moderate
CVE-2024-29034 was published for carrierwave (RubyGems) Mar 25, 2024
a-zara-n
ProTip! Advisories are also available from the GraphQL API