GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
Uncaught Exception in fastify-multipart
High
CVE-2021-23597
was published
for
fastify-multipart
(npm)
Feb 11, 2022
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate
High
CVE-2022-23915
was published
for
Weblate
(pip)
Mar 4, 2022
Command Injection Vulnerability with Mercurial in VCS
Critical
CVE-2022-21235
was published
for
github.com/Masterminds/vcs
(Go)
Apr 1, 2022
Regular Expression Denial of Service in Deno.upgradeWebSocket API
Moderate
CVE-2023-26103
was published
for
deno
(Rust)
Apr 3, 2023
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
High
CVE-2023-0040
was published
for
github.com/swift-server/async-http-client
(Swift)
Jun 7, 2023
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Moderate
CVE-2022-3215
was published
for
github.com/apple/swift-nio
(Swift)
Jun 7, 2023
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Moderate
GHSA-277h-px4m-62q8
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
Moderate
GHSA-cfqx-f43m-vfh7
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
High
GHSA-78p3-fwcq-62c2
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
High
GHSA-fm76-w8jw-xf8m
was published
for
@saltcorn/plugins-loader
(npm)
Oct 3, 2024
ProTip!
Advisories are also available from the
GraphQL API