Vulnerabilities

Recent vulnerabilities

Recent vulnerabilities from
Select from 78 available sources using the dropdown above.

GitHub 🐙

Recent vulnerabilities · 237837 entries
ID Severity Description Published Updated
ghsa-24pj-f32f-p9j2
0.0 (3.1)
This CVE has been rejected. 2024-10-01T06:30:47Z 2024-10-01T06:30:47Z
ghsa-2vf8-hmhp-gw9x
0.0 (3.1)
This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 1… 2024-03-08T03:31:25Z 2026-04-02T21:31:39Z
ghsa-2xv8-gjwh-fv8p
0.0 (3.1)
CrateDB's Blob HTTP handler bypasses authorization 2026-07-01T19:55:07Z 2026-07-01T19:55:07Z
ghsa-335x-5wcm-8jv2
0.0 (3.1)
Backoffice User can bypass "Publish" restriction 2023-12-13T13:21:51Z 2024-01-12T16:28:24Z
ghsa-36xx-7vf6-7mv3
0.0 (3.1)
Silverstripe Framework: Members with no password can be created and bypass custom login forms 2023-07-31T22:00:58Z 2023-10-04T17:11:40Z
ghsa-3jp4-mhh4-gcgr
0.0 (3.1)
Kimai has an Open Redirect via Unvalidated RelayState in SAML ACS Handler 2026-04-14T01:06:06Z 2026-04-14T01:06:06Z
ghsa-3q5f-gmjc-38r8
0.0 (3.1)
ImageMagick: Memory leak in coders/txt.c without freetype 2026-02-25T19:13:08Z 2026-02-25T19:13:08Z
ghsa-3rwj-9q84-fmqw
0.0 (3.1)
A broken access control vulnerability previously discovered in the Trend Vision One Role Name compo… 2025-04-02T18:30:54Z 2025-04-02T18:30:54Z
ghsa-435g-fcv3-8j26
0.0 (4.0)
Bug-Fixes in `libcrux-ecdh`, `libcrux-ed25519`, `libcrux-psq` 2026-02-12T22:12:14Z 2026-02-27T20:51:08Z
ghsa-473p-56xx-vg67
0.0 (3.1)
Kiwi TCMS vulnerable to stored XSS via JavaScript: URI in extra_link field (TestPlan & TestCase) 2026-07-06T21:49:41Z 2026-07-06T21:49:41Z
ghsa-4c3c-r6p8-c863
0.0 (3.1)
Flawfinder output manipulation via untrusted filenames and source text 2026-06-26T20:52:25Z 2026-06-26T20:52:25Z
ghsa-4gp9-ff99-j6vj
0.0 (3.1)
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API 2024-10-22T17:51:26Z 2024-10-22T19:22:27Z
ghsa-4px2-pw77-vc85
0.0 (3.1)
SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToH… 2026-06-12T15:08:16Z 2026-06-12T15:08:16Z
ghsa-5339-hvwr-7582
0.0 (3.1)
Unhead Vulnerable to Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity 2026-03-12T14:19:25Z 2026-03-12T19:14:29Z
ghsa-55h8-q58m-2332
0.0 (3.1)
Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is inc… 2026-06-23T18:31:42Z 2026-06-23T18:31:42Z
ghsa-59xv-588h-2vmm
0.0 (3.1)
@saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler 2026-04-10T19:30:32Z 2026-04-10T19:30:32Z
ghsa-5rv5-xj5j-3484
0.0 (3.1)
Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still … 2026-05-18T14:51:51Z 2026-06-05T14:12:03Z
ghsa-6324-52pr-h4p5
0.0 (3.1)
Using the directory back payload (“/../”) in a package name allows placement of package in other folders. 2023-12-13T13:24:53Z 2024-01-12T16:28:06Z
ghsa-664f-j627-v386
0.0 (4.0)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnera… 2026-02-03T00:30:19Z 2026-02-03T00:30:19Z
ghsa-6cw8-3wqq-r7p8
0.0 (3.1)
Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.… 2024-04-22T15:30:41Z 2024-07-03T18:36:23Z
ghsa-6cxj-fx46-x5rx
0.0 (3.1)
The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets. 2024-04-22T06:30:29Z 2024-07-03T18:36:19Z
ghsa-6ggm-pwr9-r5h2
0.0 (4.0)
XSS in @leanprover/unicode-input-component 2026-03-16T16:39:55Z 2026-03-16T16:39:55Z
ghsa-6h85-5gxw-42h9
0.0 (3.1)
An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacke… 2024-04-23T15:30:34Z 2024-07-03T18:36:39Z
ghsa-6xmx-85x3-4cv2
0.0 (3.1)
Stored XSS via SVG File Upload 2023-12-13T13:30:53Z 2023-12-13T13:30:53Z
ghsa-72rp-2fhc-9m4p
0.0 (3.1)
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers … 2024-04-17T21:30:50Z 2024-07-03T18:35:18Z
ghsa-7jc7-7vhf-f7fg
0.0 (4.0)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnera… 2025-04-10T21:31:10Z 2025-11-03T21:33:30Z
ghsa-7qx6-f23w-3w7f
0.0 (3.1)
Unauthenticated Open Redirect, Arbitrary HTTP Response Header Injection, Missing CSRF, and Invisibl… 2026-04-14T22:53:33Z 2026-04-14T22:53:34Z
ghsa-7x6q-3v3m-cwjg
0.0 (3.1)
kiwi TCMS has possibility for user to update email address to unverified one 2023-04-24T16:46:14Z 2023-04-24T16:46:14Z
ghsa-7x74-h8cw-qhxq
0.0 (3.1)
Brute force exploit can be used to collect valid usernames 2023-12-13T13:27:06Z 2024-01-12T16:27:48Z
ghsa-8fj5-vvv3-q47w
0.0 (4.0)
An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in M… 2025-10-23T15:30:34Z 2025-10-23T15:30:34Z