Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
github.com vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-26152
### Summary On all Label Studio versions before 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a [`Choices`](https://labelstud.io/tags/choices) or [`Labels`](https://labelstud.io/tags/labels) tag, resulting in an XSS vulnera...
9.8
CVSSv3
CVE-2022-0664
Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker before 0.8.5,0.9.4,0.10.0,0.10.1.
Gravitl Netmaker
7.5
CVSSv3
CVE-2023-31103
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 up to and including 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InL...
Apache Inlong
7.5
CVSSv3
CVE-2023-31064
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 up to and including 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised ...
Apache Inlong
9.1
CVSSv3
CVE-2023-31066
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 up to and including 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advi...
Apache Inlong
NA
CVE-2023-32302
Rejected reason: Authoritative user requested CVE rejection https://github.com/github/advisory-database/pull/2575#issuecomment-1745811653
7.5
CVSSv3
CVE-2023-31453
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 up to and including 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the delete...
Apache Inlong
7.5
CVSSv3
CVE-2023-31454
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 up to and including 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upg...
Apache Inlong
9.8
CVSSv3
CVE-2024-24579
stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive t...
Anchore Stereoscope
5.5
CVSSv3
CVE-2021-29523
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.AddManySparseToTensorsMap`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a084...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »