Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

161 advisories

Loading
Picklescan missing detection when calling built-in python library function timeit.timeit() Moderate
GHSA-v7x6-rv5q-mhwc was published for picklescan (pip) Apr 7, 2025
SeaW1nd Credited to SeaW1nd
Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis Moderate
GHSA-vr75-hjh9-7fr6 was published for picklescan (pip) Mar 3, 2025 withdrawn
Apache NiFi Insufficient Property Validation vulnerability Moderate
CVE-2023-40037 was published for org.apache.nifi:nifi-dbcp-base (Maven) Aug 19, 2023
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through High
CVE-2024-52595 was published for lxml-html-clean (pip) Nov 19, 2024
JorianWoltjer Credited to JorianWoltjer and frenzymadness frenzymadness frenzymadness
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion High
CVE-2024-54149 was published for winter/wn-cms-module (Composer) Dec 9, 2024
bennothommo Credited to bennothommo
Ankitects Anki LaTeX Blocklist Bypass vulnerability Low
CVE-2024-32152 was published for anki (pip) Jul 22, 2024
Jayy001 Credited to Jayy001
Microsoft Outlook Remote Code Execution Vulnerability High Unreviewed
CVE-2024-30103 was published Jun 11, 2024
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code Critical
CVE-2023-45133 was published for @babel/traverse (npm) Oct 16, 2023
SteakEnthusiast Credited to SteakEnthusiast, ashdude1401, nicolo-ribaudo, Apetree100122, and ebickle ashdude1401 ashdude1401
nicolo-ribaudo nicolo-ribaudo Apetree100122 Apetree100122 ebickle ebickle
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols Moderate
CVE-2024-28246 was published for katex (npm) Mar 25, 2024
7085 Credited to 7085, edemaine, and jupenur edemaine edemaine
jupenur jupenur
Incomplete List of Disallowed Inputs in SOFA-Hessian Critical
CVE-2019-9212 was published for com.alipay.sofa:hessian (Maven) Mar 6, 2019
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution Critical
CVE-2017-15095 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 18, 2018
sunSUNQ Credited to sunSUNQ
FasterXML jackson-databind allows unauthenticated remote code execution Critical
CVE-2018-7489 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 16, 2018
sunSUNQ Credited to sunSUNQ
Deserialization of Untrusted Data in jackson-databind High
CVE-2018-5968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 30, 2020
sunSUNQ Credited to sunSUNQ
jackson-databind is vulnerable to a deserialization flaw Critical
CVE-2017-7525 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 16, 2018
sunSUNQ Credited to sunSUNQ
Denial of Service in http-proxy High
GHSA-6x33-pw7p-hmpq was published for http-proxy (npm) Sep 4, 2020
chalbersma Credited to chalbersma
Agent-to-controller access control allows reading/writing most content of build directories in Jenkins Critical
CVE-2021-21697 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Cortex's Alertmanager can expose local files content via specially crafted config Moderate
CVE-2022-23536 was published for github.com/cortexproject/cortex (Go) Dec 19, 2022
aus Credited to aus
Safemode Gem Has Incomplete List of Disallowed Inputs Critical
CVE-2017-7540 was published for safemode (RubyGems) Oct 24, 2017
SvelteKit vulnerable to Cross-Site Request Forgery High
CVE-2023-29003 was published for @sveltejs/kit (npm) Apr 4, 2023
v1ktor0t Credited to v1ktor0t, benmccann, Conduitry, teemingc, and dominikg benmccann benmccann
Conduitry Conduitry teemingc teemingc dominikg dominikg
ProTip! Advisories are also available from the GraphQL API