Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

Loading
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through Moderate
CVE-2021-43818 was published for lxml (pip) Dec 13, 2021
pwntester
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) High
CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) Sep 3, 2024
pwntester
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow High
CVE-2024-42370 was published for litestar (pip) Aug 9, 2024 withdrawn
pwntester JacobCoffee
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-5245 was published for io.dropwizard:dropwizard-validation (Maven) Feb 24, 2020
pwntester SunBK201
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) High
CVE-2024-28848 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) High
CVE-2024-28847 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) Critical
CVE-2024-28253 was published for org.open-metadata:openmetadata-service (Maven) Apr 23, 2024
pwntester
nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths Moderate
CVE-2021-32862 was published for nbconvert (pip) Aug 10, 2022
pwntester
Brook's tproxy server is vulnerable to a drive-by command injection. Critical
CVE-2023-33965 was published for github.com/txthinking/brook (Go) Jun 6, 2023
pwntester
Regular Expression Denial of Service in jquery-validation High
CVE-2021-21252 was published for jQuery.Validation (npm) Jan 13, 2021
erik-krogh pwntester
acryl-datahub missing JWT signature check Critical
CVE-2022-39366 was published for acryl-datahub (pip) Oct 31, 2022
artsploit pwntester
sylwia-budzynska p- Kwstubbs jorgectf
Critical vulnerability found in cron-utils Critical
CVE-2021-41269 was published for com.cronutils:cron-utils (Maven) Nov 15, 2021
NielsDoucet pwntester
Template injection in cron-utils Critical
CVE-2020-26238 was published for com.cronutils:cron-utils (Maven) Nov 24, 2020
pwntester
Server-Side Template Injection High
CVE-2020-26282 was published for com.browserup:browserup-proxy (Maven) Dec 24, 2020
pwntester dpowell
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-11002 was published for io.dropwizard:dropwizard-validation (Maven) Apr 10, 2020
pwntester
ProTip! Advisories are also available from the GraphQL API