GitHub Advisory Database
2,862 advisories
Filter by severity
Potential XSS vulnerability in Action View
CVE-2020-15169
(Moderate severity)
was published Sep 11, 2020
•
actionview
(RubyGems)
Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)
CVE-2018-17145
(High severity)
was published Sep 10, 2020
•
bcoin
(npm)
Users with SCRIPT right can access the application server instance manager and create arbitrary Java objects through $request binding
CVE-2020-15171
(Low severity)
was published Sep 10, 2020
•
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
The `size` option isn't honored after following a redirect
CVE-2020-15168
(Low severity)
was published Sep 10, 2020
•
node-fetch
(npm)
Lack of URL normalization may lead to authorization bypass when URL access rules are used
CVE-2020-24660
(High severity)
was published Sep 9, 2020
•
lemonldap-ng-handler
(npm)
Invalid root may become trusted root
CVE-2020-15163
(Low severity)
was published Sep 9, 2020
•
tuf
(pip)
Validation bypass vulnerability
GHSA-2p6g-gjp8-ggg9
(Low severity)
was published Sep 9, 2020
•
personnummer/personnummer
(Composer)
Validation bypass vulnerability
GHSA-qv8q-v995-72gr
(Low severity)
was published Sep 9, 2020
•
personnummer
(NuGet)
Validation bypass vulnerability
GHSA-rxq3-5249-8hgg
(Low severity)
was published Sep 9, 2020
•
personnummer
(pip)
Validation bypass vulnerability
GHSA-vpgc-7h78-gx8f
(Low severity)
was published Sep 4, 2020
•
personnummer
(npm)
Information Disclosure and Broken Access Control in Backend Module
CVE-2020-25026
(Moderate severity)
was published Sep 2, 2020
•
derhansen/sf_event_mgt
(Composer)
Prevent RCE when calling untrusted remote with CachingHttpClient
CVE-2020-15094
(High severity)
was published Sep 2, 2020
•
symfony/http-kernel
(Composer)
Remote Memory Exposure in bl
CVE-2020-8244
(High severity)
was published Sep 2, 2020
•
bl
(npm)
Command Injection in bestzip
GHSA-4qqc-mp5f-ccv4
(Critical severity)
was published Sep 2, 2020
•
bestzip
(npm)
Improper Authorization in @sap-cloud-sdk/core
GHSA-r2vw-jgq9-jqx2
(High severity)
was published Sep 3, 2020
•
@sap-cloud-sdk/core
(npm)
Remote Code Execution in next
GHSA-5vj8-3v2h-h38v
(High severity)
was published Sep 4, 2020
•
next
(npm)
Cross-Site Scripting in bootstrap-select
GHSA-9r7h-6639-v5mw
(High severity)
was published Sep 3, 2020
•
bootstrap-select
(npm)
Cross-Site Scripting in @toast-ui/editor
GHSA-cr56-66mx-293v
(High severity)
was published Sep 3, 2020
•
@toast-ui/editor
(npm)
DLL Injection in kerberos
GHSA-m2mx-rfpw-jghv
(High severity)
was published Sep 4, 2020
•
kerberos
(npm)
Regular Expression Denial of Service in papaparse
GHSA-qvjc-g5vr-mfgr
(High severity)
was published Sep 4, 2020
•
papaparse
(npm)
Malicious Package in m-backdoor
GHSA-vv52-3mrp-455m
(Critical severity)
was published Sep 3, 2020
•
m-backdoor
(npm)
Prototype Pollution in sds
CVE-2020-7618
(High severity)
was published Sep 3, 2020
•
sds
(npm)
Buffer Overflow in node-weakauras-parser
GHSA-86mr-6m89-vgj3
(Moderate severity)
was published Sep 3, 2020
•
node-weakauras-parser
(npm)
Prototype Pollution in utils-extend
CVE-2020-8147
(High severity)
was published Sep 3, 2020
•
utils-extend
(npm)
Server-Side Request Forgery in @uppy/companion
CVE-2020-8135
(High severity)
was published Sep 3, 2020
•
@uppy/companion
(npm)
ProTip! Advisories are also available from the
GraphQL API.