GitHub Advisory Database
1,906 advisories
Filter by severity
Private key leak in Apache CXF
CVE-2019-12423
(Moderate severity)
was published May 22, 2020
•
org.apache.cxf:apache-cxf
(Maven)
HTTP Smuggling via Transfer-Encoding Header
CVE-2020-11077
(Moderate severity)
was published May 22, 2020
•
puma
(RubyGems)
HTTP Smuggling via Transfer-Encoding Header
CVE-2020-11076
(High severity)
was published May 22, 2020
•
puma
(RubyGems)
Information disclosure issue in Active Resource
CVE-2020-8151
(Moderate severity)
was published May 21, 2020
•
activeresource
(RubyGems)
Apache Camel Netty enables Java deserialization by default
CVE-2020-11973
(High severity)
was published May 21, 2020
•
org.apache.camel:camel-netty
(Maven)
Apache ActiveMQ webconsole admin GUI is open to XSS
CVE-2020-1941
(Moderate severity)
was published May 21, 2020
•
org.apache.activemq:activemq-web-console
(Maven)
XSS in Dolibarr
CVE-2020-13094
(Low severity)
was published May 21, 2020
•
dolibarr/dolibarr
(Composer)
Code execution vulnerability in HtmlUnit
CVE-2020-5529
(Moderate severity)
was published May 21, 2020
•
net.sourceforge.htmlunit:htmlunit
(Maven)
Potential remote code execution in Apache Tomcat
CVE-2020-9484
(Moderate severity)
was published May 21, 2020
•
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Remote code execution in Apache Commons Configuration
CVE-2020-1953
(High severity)
was published May 21, 2020
•
org.apache.commons:commons-configuration2
(Maven)
Cross-site Scripting in jQuery
CVE-2020-7656
(Moderate severity)
was published May 20, 2020
•
jquery
(npm)
CWE-93 CRLF injection in httplib2
CVE-2020-11078
(Low severity)
was published May 20, 2020
•
httplib2
(pip)
Python Image Library (PIL) allows symlink attacks
CVE-2014-1933
(Moderate severity)
was published May 18, 2020
•
Pillow
(pip)
Backend Same-Site Request Forgery
CVE-2020-11069
(High severity)
was published May 13, 2020
•
typo3/cms-core
(Composer)
Insecure Deserialization in Backend User Settings
CVE-2020-11067
(High severity)
was published May 13, 2020
•
typo3/cms-core
(Composer)
Class destructors causing side-effects when being unserialized
CVE-2020-11066
(High severity)
was published May 13, 2020
•
typo3/cms-core
(Composer)
Cross-Site Scripting in Link Handling
CVE-2020-11065
(Moderate severity)
was published May 13, 2020
•
typo3/cms-core
(Composer)
Cross-Site Scripting in Form Engine
CVE-2020-11064
(Moderate severity)
was published May 13, 2020
•
typo3/cms-core
(Composer)
Information Disclosure in Password Reset
CVE-2020-11063
(Low severity)
was published May 13, 2020
•
typo3/cms-core
(Composer)
Cross-Site Scripting in SVG Sanitizer
CVE-2020-11070
(Moderate severity)
was published May 13, 2020
•
t3g/svg-sanitizer
(Composer)
Arbitrary file write in actionpack-page_caching gem
CVE-2020-8159
(High severity)
was published May 13, 2020
•
actionpack-page_caching
(RubyGems)
Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.
CVE-2018-21233
(Moderate severity)
was published May 13, 2020
•
tensorflow
(pip)
assets: path traversal
CVE-2020-7647
(Moderate severity)
was published May 13, 2020
•
io.jooby:jooby
(Maven)
curlrequest allows execution of arbitrary commands
CVE-2020-7646
(High severity)
was published May 13, 2020
•
curlrequest
(npm)
False-negative validation results in MINT transactions with invalid baton
CVE-2020-11072
(Critical severity)
was published May 12, 2020
•
slp-validate
(npm)
ProTip! Advisories are also available from the
GraphQL API.