Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

420 advisories

Loading
XWiki's scheduler in subwiki allows scheduling operations for any main wiki user Moderate
CVE-2024-55876 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Dec 12, 2024
XWiki allows RCE from script right in configurable sections Critical
CVE-2024-55879 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 12, 2024
Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges Moderate
CVE-2024-52529 was published for github.com/cilium/cilium (Go) Nov 25, 2024
moodle: Some users can delete audiences of other reports Moderate
CVE-2024-48898 was published for moodle/moodle (Composer) Nov 18, 2024
Improper Access Control in janeczku/calibre-web Moderate
CVE-2021-3987 was published for calibreweb (pip) Nov 15, 2024
Script security bypass vulnerability in Jenkins Shared Library Version Override Plugin High
CVE-2024-52554 was published for io.jenkins.plugins:shared-library-version-override (Maven) Nov 13, 2024
Missing permission check in Jenkins Script Security Plugin Moderate
CVE-2024-52549 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 13, 2024
Moodle's IDOR in badges allows deletion of arbitrary badges Moderate
CVE-2024-43431 was published for moodle/moodle (Composer) Nov 7, 2024
Mattermost server allows authenticated user to delete arbitrary post Moderate
CVE-2024-50052 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 29, 2024
XWiki Platform document history including authors of any page exposed to unauthorized actors Moderate
CVE-2024-45591 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Sep 10, 2024
Xiqinger
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability Low
CVE-2023-23611 was published for lti-consumer-xblock (pip) Aug 30, 2024
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them Critical
CVE-2024-43401 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Aug 19, 2024
floerer
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability Moderate
CVE-2024-42470 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p-
Jenkins does not perform a permission check in an HTTP endpoint Moderate
CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet Critical
CVE-2024-37901 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Jul 31, 2024
XWiki Platform vulnerable to document deletion and overwrite from edit Moderate
CVE-2024-37898 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jul 31, 2024
Snipe-IT allows users to promote or demote themselves or other users High
CVE-2024-5685 was published for snipe/snipe-it (Composer) Jun 14, 2024
Arbitrary file deletion in litellm High
CVE-2024-4888 was published for litellm (pip) Jun 6, 2024
TYPO3 Information Disclosure in Backend User Interface Moderate
GHSA-rv8r-8mh5-5376 was published for typo3/cms-core (Composer) May 30, 2024
SimpleSAMLphp Information Disclosure vulnerability Moderate
GHSA-ppm4-r2vc-pg74 was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
silverstripe/framework missing ACL on reports Moderate
GHSA-52cx-hpc5-cxwc was published for silverstripe/framework (Composer) May 27, 2024
Ant Media Server vulnerable to a local privilege escalation High
CVE-2024-32656 was published for io.antmedia:ant-media-server (Maven) Apr 22, 2024
UNC1739
XWiki Platform remote code execution from account through UIExtension parameters Critical
CVE-2024-31997 was published for org.xwiki.platform:xwiki-platform-uiextension-api (Maven) Apr 10, 2024
XWiki Platform remote code execution from account via custom skins support Critical
CVE-2024-31987 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 10, 2024
XWiki Platform: Remote code execution from edit in multilingual wikis via translations Critical
CVE-2024-31983 was published for org.xwiki.platform:xwiki-platform-localization-source-wiki (Maven) Apr 10, 2024
ProTip! Advisories are also available from the GraphQL API