Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23 advisories

Loading
Publify Core does not strip metadata from images Moderate
CVE-2022-2815 was published for publify_core (RubyGems) Jan 14, 2023
ezplatform-graphql GraphQL queries can expose password hashes High
CVE-2022-41876 was published for ezsystems/ezplatform-graphql (Composer) Nov 10, 2022
tranca
Insecure password handling vulnerability in Strapi High
CVE-2021-46440 was published for @strapi/strapi (npm) May 4, 2022
Remote code execution in Apache Tapestry Critical
CVE-2021-27850 was published for org.apache.tapestry:tapestry-core (Maven) Jun 16, 2021
Authentication bypass in Apache Kylin Moderate
CVE-2020-13937 was published for org.apache.kylin:kylin (Maven) Feb 10, 2022
Sensitive Data Exposure in miniorange_saml High
CVE-2021-36786 was published for miniorange/miniorange-saml (Composer) Sep 1, 2021
Improper use of cryptographic key in wal-g High
CVE-2021-38599 was published for github.com/wal-g/wal-g (Go) Sep 2, 2021
Insecure Storage of Sensitive Information in Microweber High
CVE-2022-0724 was published for microweber/microweber (Composer) Feb 24, 2022
RosarioSIS Stores Sensitive Data in a Mechanism without Access Control High
CVE-2023-2665 was published for francoisjacquet/rosariosis (Composer) May 19, 2023
vantage6 may create unencrypted tasks in encrypted collaboration Low
CVE-2024-22193 was published for vantage6 (pip) Jan 30, 2024
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) High
CVE-2024-4540 was published for org.keycloak:keycloak-services (Maven) Jun 10, 2024
mschallar
Spoofing attack in swagger-ui Moderate
CVE-2018-25031 was published for swagger-ui (npm) Mar 12, 2022
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds Moderate
CVE-2023-50298 was published for org.apache.solr:solr-solrj (Maven) Feb 9, 2024
DanielRuf
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Low
CVE-2024-47197 was published for org.apache.maven.plugins:maven-archetype-plugin (Maven) Sep 26, 2024
rke's credentials are stored in the RKE1 Cluster state ConfigMap Critical
CVE-2023-32191 was published for github.com/rancher/rke (Go) Jun 17, 2024
scikit-learn sensitive data leakage vulnerability Moderate
CVE-2024-5206 was published for scikit-learn (pip) Jun 6, 2024
Apache Camel data exposure vulnerability Low
CVE-2024-22371 was published for org.apache.camel:camel-core (Maven) Feb 26, 2024
rsrikanth11
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions Moderate
CVE-2024-23445 was published for org.elasticsearch:elasticsearch (Maven) Jun 12, 2024
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin Moderate
CVE-2024-39459 was published for org.jenkins-ci.plugins:plain-credentials (Maven) Jun 26, 2024
Logging of the firestore key within nodejs-firestore Moderate
CVE-2023-6460 was published for @google-cloud/firestore (npm) Dec 4, 2023
abhishekwebcode
Moodle admin presets export tool includes some secrets that should not be exported Low
CVE-2024-43427 was published for moodle/moodle (Composer) Nov 11, 2024
Apache StreamPark: Information leakage vulnerability Moderate
CVE-2024-29120 was published for org.apache.streampark:streampark (Maven) Jul 17, 2024
Missing permission checks on Hazelcast client protocol High
CVE-2023-45859 was published for com.hazelcast:hazelcast (Maven) Feb 27, 2024
ProTip! Advisories are also available from the GraphQL API