GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
26 advisories
Quarkus has Authentication/Authorization bypasses
High
CVE-2026-39852
was published
for
io.quarkus:quarkus-vertx-http
(Maven)
May 4, 2026
Sylius affected by IDOR in Cart and Checkout LiveComponents
High
CVE-2026-31820
was published
for
sylius/sylius
(Composer)
Mar 11, 2026
NocoDB Vulnerable to Stored Cross-Site Scripting via Rich Text Cells
Moderate
CVE-2026-28401
was published
for
nocodb
(npm)
Mar 3, 2026
NocoDB Vulnerable to Stored Cross-site Scripting via Comments
Moderate
CVE-2026-28397
was published
for
nocodb
(npm)
Mar 3, 2026
Unauthenticated Spree Commerce users can access all guest addresses
High
CVE-2026-25758
was published
for
spree_api
(RubyGems)
Feb 5, 2026
Unauthenticated Spree Commerce users can view completed guest orders by Order ID
High
CVE-2026-25757
was published
for
spree_storefront
(RubyGems)
Feb 5, 2026
NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter
Moderate
CVE-2026-24768
was published
for
nocodb
(npm)
Jan 28, 2026
NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload
High
CVE-2026-24769
was published
for
nocodb
(npm)
Jan 28, 2026
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
Critical
CVE-2025-25292
was published
for
ruby-saml
(RubyGems)
Mar 12, 2025
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
High
CVE-2025-25293
was published
for
ruby-saml
(RubyGems)
Mar 12, 2025
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Moderate
CVE-2024-47529
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
High
CVE-2024-46977
was published
for
openc3
(RubyGems)
Oct 2, 2024
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Moderate
CVE-2024-43795
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
CometVisu Backend for openHAB has a path traversal vulnerability
Moderate
CVE-2024-42468
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
CometVisu Backend for openHAB affected by RCE through path traversal
Critical
CVE-2024-42469
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability
Moderate
CVE-2024-42470
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
CometVisu Backend for openHAB affected by SSRF/XSS
High
CVE-2024-42467
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
Absolute path traversal vulnerability in digdag server
Moderate
CVE-2024-25125
was published
for
io.digdag:digdag-server
(Maven)
Feb 14, 2024
Decidim Cross-site Scripting vulnerability in the external link redirections
Moderate
CVE-2023-32693
was published
for
decidim
(RubyGems)
Jul 11, 2023
Decidim vulnerable to sensitive data disclosure
High
CVE-2023-34090
was published
for
decidim
(RubyGems)
Jul 11, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
High
CVE-2023-30614
was published
for
pay
(RubyGems)
Apr 20, 2023
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Low
CVE-2022-39379
was published
for
fluentd
(RubyGems)
Nov 2, 2022
acryl-datahub missing JWT signature check
Critical
CVE-2022-39366
was published
for
acryl-datahub
(pip)
Oct 31, 2022
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
Moderate
CVE-2022-39281
was published
for
fat_free_crm
(RubyGems)
Oct 7, 2022
Remote Code Execution in paginator
Critical
CVE-2020-15150
was published
for
paginator
(Erlang)
Apr 12, 2022
ProTip!
Advisories are also available from the
GraphQL API