GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
9 advisories
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
Moderate
CVE-2024-25710
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui
Critical
CVE-2022-41930
was published
for
org.xwiki.platform:xwiki-platform-user-profile-ui
(Maven)
Nov 21, 2022
XWiki users registered with email verification can self re-activate their disabled accounts
High
CVE-2021-32620
was published
for
org.xwiki.commons:xwiki-commons-core
(Maven)
May 18, 2021
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service
High
CVE-2020-25614
was published
for
github.com/antchfx/xmlquery
(Go)
Oct 7, 2022
1Panel set-cookie is missing the Secure keyword
Low
CVE-2024-24768
was published
for
github.com/1Panel-dev/1Panel
(Go)
Feb 5, 2024
Flarum's logout Route allows open redirects
Moderate
CVE-2024-21641
was published
for
flarum/core
(Composer)
Jan 5, 2024
Missing Authorization in Jenkins Blue Ocean Plugin
Moderate
CVE-2017-1000105
was published
for
io.jenkins.blueocean:blueocean
(Maven)
May 13, 2022
Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
Moderate
CVE-2022-36109
was published
for
github.com/docker/docker
(Go)
Sep 16, 2022
Apache Hadoop allows local user to gain root privileges
High
CVE-2023-26031
was published
for
org.apache.hadoop:hadoop-yarn-project
(Maven)
Nov 16, 2023
ProTip!
Advisories are also available from the
GraphQL API