GitHub Advisory Database

3,099 advisories

Regular expression Denial of Service in Markdown plugin
CVE-2021-21254 (Low severity) was published Jan 29, 2021 @ckeditor/ckeditor5-markdown-gfm (npm)
Processing untrusted theming resources might execute arbitrary code (ACE)
GHSA-3crj-w4f5-gwh4 (High severity) was published Jan 29, 2021 less-openui5 (npm)
Steam Socialite Provider v1 does not correctly validate openid server
GHSA-hhw9-35p2-q2c5 (Critical severity) was published Jan 29, 2021 socialiteproviders/steam (Composer)
XSS in Mautic
CVE-2021-3142 (High severity) was published Jan 29, 2021 mautic/core (Composer)
XML External Entity attack in log4net
CVE-2018-1285 (High severity) was published Jan 29, 2021 log4net (NuGet)
Malicious npm package: an0n-chat-lib
GHSA-7xcv-wvr7-4h6p (Critical severity) was published Jan 29, 2021 an0n-chat-lib (npm)
Malicious npm package: discord-fix
GHSA-qv2g-99x4-45x6 (Critical severity) was published Jan 29, 2021 discord-fix (npm)
Malicious npm package: sonatype
GHSA-w8fh-pvq2-x8c4 (Critical severity) was published Jan 29, 2021 sonatype (npm)
IPC messages delivered to the wrong frame in Electron
CVE-2020-26272 (Moderate severity) was published Jan 28, 2021 electron (npm)
OS Command Injection in async-git
CVE-2021-3190 (Moderate severity) was published Jan 29, 2021 async-git (npm)
Path traversal in Node-RED-Dashboard
CVE-2021-3223 (High severity) was published Jan 29, 2021 node-red-dashboard (npm)
XSS in Flarum Sticky extension
CVE-2021-21283 (Moderate severity) was published Jan 29, 2021 flarum/sticky (Composer)
Users can edit the tags of any discussion
GHSA-32wx-4gxx-h48f (Moderate severity) was published Jan 29, 2021 flarum/tags (Composer)
Command Injection in @graphql-tools/git-loader
CVE-2021-23326 (Moderate severity) was published Jan 29, 2021 @graphql-tools/git-loader (npm)
Cross Site Scripting (XSS) in XWiki
CVE-2021-3137 (Moderate severity) was published Jan 29, 2021 org.xwiki.commons:xwiki-commons (Maven)
Path Traversal in the Java Kubernetes Client
CVE-2020-8570 (Moderate severity) was published Jan 29, 2021 io.kubernetes:client-java (Maven)
Improper Verification of Cryptographic Signature in PySAML2
CVE-2021-21239 (Low severity) was published Jan 21, 2021 pysaml2 (pip)
SAML XML Signature wrapping in PySAML2
CVE-2021-21238 (Low severity) was published Jan 21, 2021 pysaml2 (pip)
Blind SQL injection in PrestaShop productcomments module
CVE-2020-26248 (Low severity) was published Jan 20, 2021 prestashop/productcomments (Composer)
Cross-site Request Forgery in fastify-csrf
CVE-2020-28482 (Moderate severity) was published Jan 20, 2021 fastify-csrf (npm)
Prototype Pollution in immer
CVE-2020-28477 (High severity) was published Jan 20, 2021 immer (npm)
Insecure defaults due to CORS misconfiguration in socket.io
CVE-2020-28481 (Moderate severity) was published Jan 20, 2021 socket.io (npm)
Prototype pollution in gsap
CVE-2020-28478 (High severity) was published Jan 20, 2021 gsap (npm)
Prototype pollution in JointJS
CVE-2020-28480 (High severity) was published Jan 20, 2021 jointjs (npm)
Deserialization of untrusted data in jackson-databind
CVE-2021-20190 (High severity) was published Jan 20, 2021 com.fasterxml.jackson.core:jackson-databind (Maven)