Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
github.com vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-39326
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of d...
Golang Go
5.9
CVSSv3
CVE-2023-26154
Versions of the package pubnub prior to 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub prior to 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 prior to 7.2.0; versions of the package ...
Pubnub Pubnub
Pubnub C-core
Pubnub Kotlin
Pubnub Swift
5.5
CVSSv3
CVE-2023-43123
On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The ...
Apache Storm
9.8
CVSSv3
CVE-2023-37924
Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0....
Apache Submarine
9.8
CVSSv3
CVE-2023-46302
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests (using application/yaml cont...
Apache Submarine
7.5
CVSSv3
CVE-2023-0436
The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Ple...
Mongodb Atlas Kubernetes Operator
Mongodb Atlas Kubernetes Operator 1.5.0
6.1
CVSSv3
CVE-2023-46251
MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the vi...
Mybb Mybb
5.4
CVSSv3
CVE-2023-45815
ArchiveBox is an open source self-hosted web archiving system. Any users who are using the `wget` extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicio...
Archivebox Archivebox
1 Github repository
7.5
CVSSv3
CVE-2023-46227
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 up to and including 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] t...
Apache Inlong
1 Github repository
6.5
CVSSv3
CVE-2023-25753
There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular co...
Apache Shenyu 2.5.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »