GitHub Advisory Database
3,603 advisories
Local information disclosure via system temporary directory
CVE-2021-28168 (Moderate severity) was published Apr 23, 2021 • org.glassfish.jersey.core:jersey-common (Maven)

Uncontrolled Resource Consumption in pillow
GHSA-jgpv-4h4c-xhw3 (Moderate severity) was published Apr 23, 2021 • pillow (pip)

Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
GHSA-6hgr-2g6q-3rmc (Moderate severity) was published Apr 22, 2021 • com.vaadin:flow-client (Maven)

Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
CVE-2021-31408 (Moderate severity) was published Apr 22, 2021 • com.vaadin:vaadin-bom (Maven)

Authentication bypass in Apache Shiro
CVE-2020-17510 (Critical severity) was published Apr 22, 2021 • org.apache.shiro:shiro-spring (Maven)

Code Injection in oauth2-server
CVE-2017-18924 (High severity) was published Apr 22, 2021 • oauth2-server (npm)

Backport for CVE-2021-21024 Blind SQLi from Magento 2
CVE-2021-21427 (Low severity) was published Apr 22, 2021 • openmage/magento-lts (Composer)

Missing Authentication for Critical Function in Apache Calcite
CVE-2020-13955 (Moderate severity) was published Apr 22, 2021 • org.apache.calcite:calcite-core (Maven)

Fixes a bug in Zend Framework's Stream HTTP Wrapper
CVE-2021-21426 (Low severity) was published Apr 22, 2021 • openmage/magento-lts (Composer)

"Deserialization errors in MyBatis"
CVE-2020-26945 (High severity) was published Apr 22, 2021 • org.mybatis:mybatis (Maven)

.NET Core Remote Code Execution Vulnerability
CVE-2021-26701 (Critical severity) was published Apr 21, 2021 • System.Text.Encodings.Web (NuGet)

.NET Core Information Disclosure
CVE-2018-8292 (High severity) was published Apr 21, 2021 • System.Net.Http (NuGet)

Remote Code Execution and download tracking in Mintegral SDK
CVE-2020-7744 (Moderate severity) was published Apr 22, 2021 • com.mintegral.msdk:alphab (Maven)

Cross-site scripting in Apache CXF
CVE-2020-13954 (Moderate severity) was published Apr 22, 2021 • org.apache.cxf:apache-cxf (Maven)

Cross-site Scripting in GwtUpload
CVE-2020-9447 (Moderate severity) was published Apr 22, 2021 • com.googlecode.gwtupload:gwtupload (Maven)

XSS Cross Site Scripting
CVE-2021-29459 (Critical severity) was published Apr 22, 2021 • org.xwiki.platform:xwiki-platform-oldcore (Maven)

Improper Certificate Validation in oauth ruby gem
CVE-2016-11086 (High severity) was published Apr 22, 2021 • oauth (RubyGems)

Cross-Site Request Forgery in Vert.x-Web framework
CVE-2020-35217 (High severity) was published Apr 22, 2021 • io.vertx:vertx-web (Maven)

Observable Differences in Behavior to Error Inputs in Bouncy Castle
CVE-2020-26939 (Moderate severity) was published Apr 22, 2021 • org.bouncycastle:bc-fips (Maven)

Improper Certificate Validation in blackduck
CVE-2020-27589 (High severity) was published Apr 20, 2021 • blackduck (pip)

Improper Restriction of XML External Entity Reference in pikepdf
CVE-2021-29421 (High severity) was published Apr 20, 2021 • pikepdf (pip)

Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
CVE-2021-29434 (Low severity) was published Apr 20, 2021 • wagtail (pip)

Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
CVE-2018-25007 (Low severity) was published Apr 19, 2021 • com.vaadin:flow-server (Maven)

VVE-2021-0002: Incorrect `returndatasize` when using simple forwarder proxies deployed prior to EIP-1167 adoption
GHSA-375m-5fvv-xq23 (Low severity) was published Apr 19, 2021 • vyper (pip)

Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13
CVE-2019-25027 (Moderate severity) was published Apr 19, 2021 • com.vaadin:flow-server (Maven)
ProTip! Advisories are also available from the GraphQL API.