GitHub Advisory Database
3,338 advisories
Rating Script Service expose XWiki to SQL injection
CVE-2021-21380 (High severity) was published Mar 23, 2021 • org.xwiki.platform:xwiki-platform-ratings-api (Maven)

It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro
CVE-2021-21379 (Low severity) was published Mar 23, 2021 • org.xwiki.platform:xwiki-platform-rendering-wikimacro-store (Maven)

OMERO webclient does not validate URL redirects on login or switching group.
CVE-2021-21377 (Low severity) was published Mar 23, 2021 • omero-web (pip)

OMERO.web exposes some unnecessary session information in the page
CVE-2021-21376 (Low severity) was published Mar 23, 2021 • omero-web (pip)

Cross-Site Scripting in Content Preview (CType menu)
CVE-2021-21370 (Low severity) was published Mar 23, 2021 • typo3/cms-backend (Composer)

Denial of Service in Page Error Handling
CVE-2021-21359 (Moderate severity) was published Mar 23, 2021 • typo3/cms-core (Composer)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
CVE-2021-21358 (Moderate severity) was published Mar 23, 2021 • typo3/cms-form (Composer)

Broken Access Control in Form Framework
CVE-2021-21357 (High severity) was published Mar 23, 2021 • typo3/cms-form (Composer)

Unrestricted File Upload in Form Framework
CVE-2021-21355 (High severity) was published Mar 23, 2021 • typo3/cms-form (Composer)

Cross-Site Scripting in Content Preview
CVE-2021-21340 (Low severity) was published Mar 23, 2021 • typo3/cms-backend (Composer)

Cleartext storage of session identifier
CVE-2021-21339 (Low severity) was published Mar 23, 2021 • typo3/cms-core (Composer)

Open Redirection in Login Handling
CVE-2021-21338 (Low severity) was published Mar 23, 2021 • typo3/cms-core (Composer)

XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21351 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)

XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21350 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
CVE-2021-21349 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)

XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
CVE-2021-21348 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)

XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21347 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)

XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21346 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)

XStream is vulnerable to a Remote Command Execution attack
CVE-2021-21345 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)

XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21344 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)

XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
CVE-2021-21343 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
CVE-2021-21342 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)

XStream can cause a Denial of Service
CVE-2021-21341 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)

Cross-Site Scripting in lxml
CVE-2021-28957 (Moderate severity) was published Mar 22, 2021 • lxml (pip)

Out-of-bounds write in libpng
CVE-2018-14550 (High severity) was published Mar 22, 2021 • libpng (NuGet)