Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28 advisories

Loading
Sentry SDK Prototype Pollution gadget in JavaScript SDKs Moderate
GHSA-593m-55hh-j8gv was published for @sentry/browser (npm) Oct 3, 2024
dbt has an implicit override for built-in materializations from installed packages Low
CVE-2024-40637 was published for dbt-core (pip) Jul 17, 2024
brabster
Langflow remote code execution vulnerability High
CVE-2024-37014 was published for langflow (pip) Jun 10, 2024
Remote code execution in pytorch lightning Critical
CVE-2024-5452 was published for lightning (pip) Jun 6, 2024
colbybr
Eclipse Glassfish remote code execution issue Moderate
CVE-2023-5763 was published for org.glassfish.main.orb:orb-connector (Maven) Nov 3, 2023
TorchServe Pre-Auth Remote Code Execution Critical
GHSA-4mqg-h5jf-j9m7 was published for torchserve (pip) Oct 2, 2023
RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape High
CVE-2023-37271 was published for RestrictedPython (pip) Jul 10, 2023
loechel Quasar0147
despawningbone dataflake nneonneo
SpiceDB's LookupResources may return partial results Low
CVE-2023-35930 was published for github.com/authzed/spicedb (Go) Jun 28, 2023
toui allows user-specific variables to be shared between users Critical
CVE-2023-33175 was published for toui (pip) May 24, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-29199 was published for vm2 (npm) Apr 12, 2023
leesh3288
vm2 vulnerable to sandbox escape Critical
CVE-2023-29017 was published for vm2 (npm) Apr 7, 2023
seongil-wi rectcoordsystem
sqlite vulnerable to code execution due to Object coercion High
CVE-2022-43441 was published for sqlite3 (npm) Mar 13, 2023
CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation Moderate
CVE-2022-4318 was published for github.com/cri-o/cri-o (Go) Dec 29, 2022
vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host Critical
CVE-2022-36067 was published for vm2 (npm) Sep 28, 2022
oxeye-gal oxeye-yuval
oxeye-daniel
Budibase Improper Access Control vulnerability Moderate
CVE-2022-3225 was published for @budibase/bbui (npm) Sep 17, 2022
CrafterCMS OS Command Injection vulnerability High
CVE-2022-40635 was published for org.craftercms:craftercms (Maven) Sep 14, 2022
CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources High
CVE-2022-40634 was published for org.craftercms:crafter-studio (Maven) Sep 14, 2022
Crafter CMS Crafter Studio vulnerable to Improper Control of Dynamically-Managed Code Resources High
CVE-2021-23267 was published for org.craftercms:crafter-studio (Maven) May 17, 2022
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio High
CVE-2020-25802 was published for org.craftercms:crafter-studio (Maven) Feb 9, 2022
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio High
CVE-2020-25803 was published for org.craftercms:crafter-studio (Maven) Feb 9, 2022
Serialization gadgets exploit in jackson-databind High
CVE-2020-35491 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
mpihelgas
Prototype Pollution in config-handler Critical
CVE-2021-23448 was published for config-handler (npm) Oct 12, 2021
Header dropping in traefik Moderate
CVE-2021-32813 was published for github.com/traefik/traefik (Go) Aug 5, 2021
Prototype pollution in nestie Critical
CVE-2021-25947 was published for nestie (npm) Jun 7, 2021
ProTip! Advisories are also available from the GraphQL API