GitHub Advisory Database
3,109 advisories
Code injection in Apache Ant
CVE-2020-11979 (High severity) was published Feb 3, 2021 • org.apache.ant:ant (Maven)

Unbounded connection acceptance in http4s-blaze-server
CVE-2021-21294 (High severity) was published Feb 2, 2021 • org.http4s:http4s-blaze-server_2.12 (Maven)

Unbounded connection acceptance leads to file handle exhaustion
CVE-2021-21293 (High severity) was published Feb 2, 2021 • org.http4s:blaze-core_2.11 (Maven)

Command Injection Vulnerability in Mechanize
CVE-2021-21289 (Low severity) was published Feb 2, 2021 • mechanize (RubyGems)

Cross-site scripting in Bleach
GHSA-vv2x-vrpj-qqpq (Moderate severity) was published Feb 2, 2021 • bleach (pip)

Unexpected database bindings
GHSA-x7p5-p2c9-phvg (High severity) was published Feb 2, 2021 • illuminate/database (Composer)

Reflected Cross-site Scripting in ACS Commons
CVE-2021-21028 (High severity) was published Feb 2, 2021 • com.adobe.acs:acs-aem-commons (Maven)

Denial of Service in uap-core
GHSA-p4pj-mg4r-x6v4 (High severity) was published Feb 2, 2021 • uap-core (npm)

Angular Expressions - Remote Code Execution
CVE-2021-21277 (Low severity) was published Feb 1, 2021 • angular-expressions (npm)

Prototype pollution in nested-object-assign
CVE-2021-23329 (High severity) was published Feb 1, 2021 • nested-object-assign (npm)

Regular expression Denial of Service in Markdown plugin
CVE-2021-21254 (Low severity) was published Jan 29, 2021 • @ckeditor/ckeditor5-markdown-gfm (npm)

Processing untrusted theming resources might execute arbitrary code (ACE)
GHSA-3crj-w4f5-gwh4 (High severity) was published Jan 29, 2021 • less-openui5 (npm)

Steam Socialite Provider v1 does not correctly validate openid server
GHSA-hhw9-35p2-q2c5 (Critical severity) was published Jan 29, 2021 • socialiteproviders/steam (Composer)

XSS in Mautic
CVE-2021-3142 (High severity) was published Jan 29, 2021 • mautic/core (Composer)

XML External Entity attack in log4net
CVE-2018-1285 (High severity) was published Jan 29, 2021 • log4net (NuGet)

Malicious npm package: an0n-chat-lib
GHSA-7xcv-wvr7-4h6p (Critical severity) was published Jan 29, 2021 • an0n-chat-lib (npm)

Malicious npm package: discord-fix
GHSA-qv2g-99x4-45x6 (Critical severity) was published Jan 29, 2021 • discord-fix (npm)

Malicious npm package: sonatype
GHSA-w8fh-pvq2-x8c4 (Critical severity) was published Jan 29, 2021 • sonatype (npm)

IPC messages delivered to the wrong frame in Electron
CVE-2020-26272 (Moderate severity) was published Jan 28, 2021 • electron (npm)

OS Command Injection in async-git
CVE-2021-3190 (Moderate severity) was published Jan 29, 2021 • async-git (npm)

Path traversal in Node-RED-Dashboard
CVE-2021-3223 (High severity) was published Jan 29, 2021 • node-red-dashboard (npm)

XSS in Flarum Sticky extension
CVE-2021-21283 (Moderate severity) was published Jan 29, 2021 • flarum/sticky (Composer)

Users can edit the tags of any discussion
GHSA-32wx-4gxx-h48f (Moderate severity) was published Jan 29, 2021 • flarum/tags (Composer)

Command Injection in @graphql-tools/git-loader
CVE-2021-23326 (Moderate severity) was published Jan 29, 2021 • @graphql-tools/git-loader (npm)

Cross Site Scripting (XSS) in XWiki
CVE-2021-3137 (Moderate severity) was published Jan 29, 2021 • org.xwiki.commons:xwiki-commons (Maven)