GitHub Advisory Database

3,450 advisories

Improper Input Validation in sopel-plugins.channelmgnt
CVE-2021-21431 (High severity) was published Apr 9, 2021 sopel-plugins.channelmgnt (pip)
Directory Traversal in Django
CVE-2021-28658 (Low severity) was published Apr 8, 2021 Django (pip)
CSRF Vuln can expose user's QRcode
GHSA-fxq4-r6mr-9x64 (Low severity) was published Apr 8, 2021 Flask-Security-Too (pip)
Tampering with links (e.g. password reset) in emails sent by Indico
CVE-2021-30185 (Moderate severity) was published Apr 8, 2021 indico (pip)
Improper Restriction of XML External Entity Reference in Plone
CVE-2020-28734 (High severity) was published Apr 7, 2021 Plone (pip)
Improper Restriction of XML External Entity Reference in Plone
CVE-2020-28736 (High severity) was published Apr 7, 2021 Plone (pip)
SSRF attacks via tracebacks in Plone
CVE-2020-28735 (High severity) was published Apr 7, 2021 Plone (pip)
Improper Certificate Validation in phpseclib
CVE-2021-30130 (Moderate severity) was published Apr 7, 2021 phpseclib/phpseclib (Composer)
Arbitrary code execution in clickhouse-driver
CVE-2020-26759 (Critical severity) was published Apr 7, 2021 clickhouse-driver (pip)
Cross-site scripting in actionpack
CVE-2020-8264 (Moderate severity) was published Apr 7, 2021 actionpack (RubyGems)
Logic error in authentication in proxy.py
CVE-2021-3116 (High severity) was published Apr 7, 2021 proxy.py (pip)
HTTP Request smuggling in bottle
CVE-2020-28473 (Moderate severity) was published Apr 7, 2021 bottle (pip)
Rebuild-bot workflow may allow unauthorised repository modifications
CVE-2021-21423 (Moderate severity) was published Apr 6, 2021 projen (npm)
Exposure of Sensitive Information to an Unauthorized Actor in Ansible
CVE-2020-1739 (Low severity) was published Apr 7, 2021 ansible (pip)
Path Traversal in Ansible
CVE-2020-1735 (Low severity) was published Apr 7, 2021 ansible (pip)
Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible
CVE-2020-1740 (Low severity) was published Apr 7, 2021 ansible (pip)
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
CVE-2020-10684 (Low severity) was published Apr 7, 2021 ansible (pip)
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
CVE-2020-10685 (Low severity) was published Apr 7, 2021 ansible (pip)
Directory exposure in jetty
CVE-2021-28163 (Low severity) was published Apr 6, 2021 org.eclipse.jetty:jetty-deploy (Maven)
svarovski
Uncontrolled Resource Consumption in jetty
CVE-2021-28165 (High severity) was published Apr 6, 2021 org.eclipse.jetty:jetty-io (Maven)
Authorization Before Parsing and Canonicalization in jetty
CVE-2021-28164 (Moderate severity) was published Apr 6, 2021 org.eclipse.jetty:jetty-webapp (Maven)
charlesk40
Command Injection Vulnerability in systeminformation
CVE-2021-21388 (Moderate severity) was published Apr 6, 2021 systeminformation (npm)
ApiKey secret could be revelated on network issue
CVE-2021-21421 (High severity) was published Apr 6, 2021 node-etsy-client (npm)
boly38
Improper Access Control in Airflow
CVE-2021-26559 (Moderate severity) was published Apr 7, 2021 apache-airflow (pip)