Skip to content

GitHub Advisory Database

2,948 advisories

CLI does not correctly implement strict mode
GHSA-2xwp-m7mq-7q3r (Low severity) was published Oct 28, 2020 aws-encryption-sdk-cli (pip)
command injection vularibiliry
GHSA-fj59-f6c3-3vw4 (Moderate severity) was published Oct 27, 2020 systeminformation (npm)
HMAC-SHA1 signatures can bypass validation via key confusion
GHSA-c27r-x354-4m68 (High severity) was published Oct 27, 2020 xml-crypto (npm)
RSA decryption vulnerable to Bleichenbacher timing vulnerability
CVE-2020-25659 (Moderate severity) was published Oct 27, 2020 cryptography (pip)
command injection vulnerability
CVE-2020-7752 (Moderate severity) was published Oct 27, 2020 systeminformation (npm)
Unauthorized privilege escalation in Mod module
GHSA-mp9m-g7qj-6vqr (Moderate severity) was published Oct 27, 2020 red-discordbot (pip)
Heap overflow in the freetype library (CVE-2020-15999)
CVE-2020-15999 (Critical severity) was published Oct 27, 2020 CefSharp.Common (NuGet)
Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs
GHSA-r82c-j4mq-5xfw (High severity) was published Oct 27, 2020 bitlyshortener (pip)
Arbitrary Code Execution in blazar-dashboard
CVE-2020-26943 (Moderate severity) was published Oct 27, 2020 blazar-dashboard (pip)
Markdown-supplied Shell Command Execution
CVE-2020-15271 (Critical severity) was published Oct 27, 2020 lookatme (pip)
Receiving subscription objects with deleted session
CVE-2020-15270 (Moderate severity) was published Oct 27, 2020 parse-server (npm)
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
CVE-2020-15269 (High severity) was published Oct 20, 2020 spree (RubyGems)
HTTP Request Smuggling in Agoo
CVE-2020-7670 (Moderate severity) was published Oct 20, 2020 agoo (RubyGems)
Denial of Service via Cache Flooding
GHSA-p68v-frgx-4rjp (Low severity) was published Oct 19, 2020 shopware/core (Composer)
Authenticated XML External Entity Processing
GHSA-8xv9-qcr9-ww9j (Low severity) was published Oct 19, 2020 shopware/core (Composer)
Prototype pollution affecting the set() method using the includeInheritedProps mode
CVE-2020-15256 (High severity) was published Oct 19, 2020 object-path (npm)
Ability to switch customer email address on account detail page and stay verified
CVE-2020-15245 (Low severity) was published Oct 19, 2020 sylius\sylius (Composer)
Inline attribute values were not processed.
CVE-2020-15263 (High severity) was published Oct 19, 2020 orchid/platform (Composer)
Unprotected dynamically loaded chunks
CVE-2020-15262 (Low severity) was published Oct 19, 2020 webpack-subresource-integrity (npm)
Regular Expression Denial of Service in npm-user-validate
GHSA-xgh6-85xh-479p (Low severity) was published Oct 16, 2020 npm-user-validate (npm)
Memory exhaustion in http4s-async-http-client with large or malicious compressed responses
GHSA-8hxh-r6f7-jf45 (Low severity) was published Oct 16, 2020 org.http4s:http4s-async-http-client_2.12 (Maven)
Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint
CVE-2020-26891 (Moderate severity) was published Oct 16, 2020 matrix-synapse (pip)
Users with SCRIPT right can access the application server instance manager and create arbitrary Java objects through $xcontext.request and $context.request binding
CVE-2020-15252 (High severity) was published Oct 16, 2020 org.xwiki.platform:xwiki-platform-oldcore (Maven)
Ciphertext Malleability Issue in Tink Java
CVE-2020-8929 (Low severity) was published Oct 16, 2020 com.google.crypto.tink:tink (Maven)
Privilege Escalation issue in makemodechange self action logic
CVE-2020-15251 (Critical severity) was published Oct 13, 2020 sopel_plugins.channelmgnt (pip)
ProTip! Advisories are also available from the GraphQL API.
You can’t perform that action at this time.