Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21 advisories

Loading
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer High
CVE-2024-52308 was published for github.com/cli/cli (Go) Nov 14, 2024
sarahbarili cmbrose
BlueSzy andyfeller BagToad Ry0taK
Nuxt vulnerable to remote code execution via the browser when running the test locally Critical
CVE-2024-34344 was published for nuxt (npm) Aug 5, 2024
Ry0taK
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Moderate
CVE-2024-34064 was published for Jinja2 (pip) May 6, 2024
Ry0taK
Cross-site scripting on application summary component Critical
CVE-2024-28175 was published for github.com/argoproj/argo-cd (Go) Mar 15, 2024
Ry0taK agaudreault
crenshaw-dev
RSSHub Cross-site Scripting vulnerability caused by internal media proxy Moderate
CVE-2024-27926 was published for rsshub (npm) Mar 6, 2024
Ry0taK
SvelteKit framework has Insufficient CSRF protection for CORS requests High
CVE-2023-29008 was published for @sveltejs/kit (npm) Apr 7, 2023
Ry0taK benmccann
dominikg Conduitry
rsshub vulnerable to Cross-site Scripting via unvalidated URL parameters Moderate
CVE-2023-26491 was published for rsshub (npm) Mar 1, 2023
Ry0taK
URI validation failure on SVG parsing. Bypass of CVE-2023-23924 Critical
CVE-2023-24813 was published for dompdf/dompdf (Composer) Feb 7, 2023
Ry0taK
Fastify: Incorrect Content-Type parsing can lead to CSRF attack Moderate
CVE-2022-41919 was published for fastify (npm) Nov 21, 2022
Ry0taK
URL Redirection to Untrusted Site ('Open Redirect') in next-auth Moderate
CVE-2022-29214 was published for next-auth (npm) May 24, 2022
Ry0taK
Git LFS can execute a Git binary from the current directory on Windows High
CVE-2021-21237 was published for github.com/git-lfs/git-lfs (Go) Feb 15, 2022
Ry0taK
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks Critical
CVE-2021-21386 was published for APKLeaks (pip) Jan 21, 2022
Ry0taK
Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server) High
GHSA-qm7x-rc44-rrqw was published for apollo-server (npm) Nov 8, 2021
Ry0taK
XSS vulnerability in GraphQL Playground from untrusted schemas High
CVE-2021-41249 was published for graphql-playground-react (npm) Nov 8, 2021
Ry0taK
GraphiQL introspection schema template injection attack High
CVE-2021-41248 was published for graphiql (npm) Nov 8, 2021
Ry0taK
User impersonation due to incorrect handling of the login JWT High
CVE-2021-39177 was published for org.geysermc:connector (Maven) Sep 7, 2021
Redned235 Camotoy
clankstar Ry0taK
Hugo can execute a binary from the current directory on Windows High
CVE-2020-26284 was published for github.com/gohugoio/hugo (Go) Jun 23, 2021
Ry0taK
Local directory executable lookup in sops (Windows-only) Low
GHSA-x5c7-x7m2-rhmf was published for go.mozilla.org/sops/v3 (Go) May 20, 2021
Ry0taK
ProTip! Advisories are also available from the GraphQL API