GitHub Advisory Database

1,958 advisories

SSB-DB#get() is decrypting messages by default
CVE-2020-4045 (High severity) was published Jun 11, 2020 ssb-db (npm)
Malformed TAA in a transaction causes view change
CVE-2020-11090 (High severity) was published Jun 11, 2020 indy-node (pip)
Arbitrary code execution in Apache Commons BeanUtils
CVE-2014-0114 (High severity) was published Jun 10, 2020 commons-beanutils:commons-beanutils (Maven)
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11112 (Moderate severity) was published Jun 10, 2020 com.fasterxml.jackson.core:jackson-databind (Maven)
Information disclosure in JBoss Weld
CVE-2014-8122 (Moderate severity) was published Jun 10, 2020 org.jboss.weld:weld-core-bom (Maven)
Prototype pollution in ini-parser
CVE-2020-7617 (High severity) was published Jun 10, 2020 ini-parser (npm)
Phar unserialization vulnerability
CVE-2020-4043 (High severity) was published Jun 10, 2020 phpmussel/phpmussel (Composer)
SQL Injection in Geocoder
CVE-2020-7981 (High severity) was published Jun 10, 2020 geocoder (RubyGems)
Denial of Service in Cryptacular
CVE-2020-7226 (Moderate severity) was published Jun 10, 2020 org.cryptacular:cryptacular (Maven)
Validation Bypass in schema-inspector
CVE-2019-10781 (High severity) was published Jun 10, 2020 schema-inspector (npm)
Insecure Deserialization in Apache XML-RPC
CVE-2019-17570 (High severity) was published Jun 10, 2020 org.apache.xmlrpc (Maven)
Reflected Cross-Site Scripting in Apache CXF
CVE-2019-17573 (Moderate severity) was published Jun 10, 2020 org.apache.cxf:apache-cxf (Maven)
The filename of uploaded files vulnerable to stored XSS
CVE-2020-4041 (Moderate severity) was published Jun 9, 2020 bolt/bolt (Composer)
CSRF issue on preview pages
CVE-2020-4040 (High severity) was published Jun 9, 2020 bolt/bolt (Composer)
Reflected XSS in GraphQL Playground React, HTML and Middlewares
CVE-2020-4038 (High severity) was published Jun 9, 2020 graphql-playground-html (npm)
Schema validation rules are not passed to the subscription server, including rules that restrict introspection
GHSA-w42g-7vfc-xf37 (Moderate severity) was published Jun 5, 2020 apollo-server (npm)
Potential XSS vulnerability when passing untrusted input to jQuery HTML manipulation methods
GHSA-v73w-r9xg-7cr9 (Moderate severity) was published Jun 5, 2020 october/october (Composer)
dom4j allows External Entities by default which might enable XXE attacks
CVE-2020-10683 (High severity) was published Jun 5, 2020 org.dom4j:dom4j (Maven)
Arbitrary shell command execution in logkitty
CVE-2020-8149 (High severity) was published Jun 5, 2020 logkitty (npm)
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
CVE-2020-9488 (Moderate severity) was published Jun 5, 2020 org.apache.logging.log4j:log4j (Maven)
Signature wrapping vulnerability in Spring Security
CVE-2020-5407 (Moderate severity) was published Jun 5, 2020 org.springframework.security:spring-security-core (Maven)
Directory traversal attack in Spring Cloud Config
CVE-2020-5410 (Moderate severity) was published Jun 5, 2020 org.springframework.cloud:spring-cloud-config-server (Maven)
Directory traversal attack in Spring Cloud Config
CVE-2020-5405 (Moderate severity) was published Jun 5, 2020 org.springframework.cloud:spring-cloud-config-server (Maven)
File system access via H2 in Apache Ignite
CVE-2020-1963 (Moderate severity) was published Jun 5, 2020 org.apache.ignite:ignite-core (Maven)
Django Rest Framework allows obtaining new token from notionally invalidated token
CVE-2020-10594 (Moderate severity) was published Jun 5, 2020 drf-jwt (pip)