cve-arsenal

CVE Arsenal Automated CVE exploit scanners and Nuclei templat...

GHSA-MRFV-M5WM-5W6W libsodium has Incomplete List of Disallowed Inputs

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. This advisoory...

GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them

The GitHub Advisory Database Advisory DB is a vital resource for developers, providing a comprehensive list of known security vulnerabilities and malware affecting open source packages. This post analyzes trends in the Advisory DB, highlighting the growth in reviewed advisories, ecosystem coverag...

CVE-2023-32302

Rejected reason: Authoritative user requested CVE rejection https://github.com/github/advisory-database/pull/2575issuecomment-1745811653...

Reflected XSS in Gotify's /docs via import of outdated Swagger UI

Impact Gotify exposes an outdated instance of the Swagger UI API documentation frontend at /docs which is susceptible to reflected XSS attacks when loading external Swagger config files. Specifically, the DOMPurify version included with this version of Swagger UI is vulnerable to a rendering XSS...

GHSA-3244-8MFF-W398 Reflected XSS in Gotify's /docs via import of outdated Swagger UI

Impact Gotify exposes an outdated instance of the Swagger UI API documentation frontend at /docs which is susceptible to reflected XSS attacks when loading external Swagger config files. Specifically, the DOMPurify version included with this version of Swagger UI is vulnerable to a rendering XSS...

Withdrawn Advisory: Magento 2 Community Edition XSS Vulnerability

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a package in one of the GitHub Advisory Database's supported ecosystems. This link is maintained to preserve external references. Original Description In Magento prior to 1.9.4.3 and Magento prior to...

Pillow -- Regular Expression Denial of Service (ReDoS)

GitHub Advisory Database reports: Uncontrolled Resource Consumption in pillow. The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via the getrgb function. References: https://nvd.nist.gov/vuln/detail/CVE-2021-23437...