GitHub Advisory Database

The latest security vulnerabilities from the world of open source software.

4,306 advisories

Regular Expression Denial of Service (ReDoS) in Prism
CVE-2021-32723 (High severity) was published Jun 28, 2021 prismjs (npm)
XXE vulnerability in Launch import
CVE-2020-12642 (High severity) was published Jun 28, 2021 com.epam.reportportal:service-api (Maven)
Reflected XSS from the callback handler's error query parameter
CVE-2021-32702 (High severity) was published Jun 28, 2021 @auth0/nextjs-auth0 (npm)
XXE vulnerability on Launch import with externally-defined DTD file
CVE-2021-29620 (High severity) was published Jun 28, 2021 com.epam.reportportal:service-api (Maven)
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
CVE-2021-31412 (Moderate severity) was published Jun 28, 2021 com.vaadin:vaadin-bom (Maven)
Reflected cross-site scripting in development mode handler in Vaadin
GHSA-8vfw-v2jv-9hwc (Low severity) was published Jun 28, 2021 com.vaadin:flow-server (Maven)
Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19
CVE-2021-33604 (Low severity) was published Jun 28, 2021 com.vaadin:vaadin-bom (Maven)
non-admin users can create integration role with administrator role
GHSA-243q-g9j3-qf6r (Moderate severity) was published Jun 28, 2021 shopware/core (Composer)
Internal hidden fields are visible on to many associations in admin api
GHSA-gpmh-g94g-qrhr (Moderate severity) was published Jun 28, 2021 shopware/core (Composer)
Private files publicly accessible with Cloud Storage providers
GHSA-vrf2-xghr-j52v (High severity) was published Jun 28, 2021 shopware/core (Composer)
Creation of order credits was not validated by acl in admin orders
GHSA-g7w8-pp9w-7p32 (Low severity) was published Jun 28, 2021 shopware/core (Composer)
Canceling of orders not related to the logged-in user
GHSA-wq3r-jwrq-xg6w (Moderate severity) was published Jun 28, 2021 shopware/core (Composer)
Potential Denial-of-Service in bindata
CVE-2021-32823 (Low severity) was published Jun 23, 2021 bindata (RubyGems)
Incorrect Authorization in ORY Oathkeeper
CVE-2021-32701 (High severity) was published Jun 24, 2021 github.com/ory/oathkeeper (Go)
Unchecked hostname resolution could allow access to local network resources by users outside the local network
GHSA-6rg3-8h8x-5xfv (Moderate severity) was published Jun 23, 2021 github.com/pterodactyl/wings (Go)
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled
GHSA-qvp4-rpmr-xwrr (High severity) was published Jun 23, 2021 github.com/ory/oathkeeper (Go)
SessionListener can prevent a session from being invalidated breaking logout
CVE-2021-34428 (Low severity) was published Jun 23, 2021 org.eclipse.jetty:jetty-server (Maven)
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
CVE-2021-32699 (Moderate severity) was published Jun 23, 2021 github.com/pterodactyl/wings (Go)
Regular Expression Denial of Service (ReDOS)
CVE-2021-29060 (High severity) was published Jun 22, 2021 color-string (npm)
Cross-site scripting
CVE-2021-21422 (High severity) was published Jun 28, 2021 mongo-express (npm)
Form validation can be skipped
CVE-2021-32697 (Moderate severity) was published Jun 22, 2021 neos/form (Composer)
Panic in malformed certificate
CVE-2020-7919 (High severity) was published Jun 23, 2021 github.com/helm/helm (Go)
Authentication granted to all firewalls instead of just one
CVE-2021-32693 (High severity) was published Jun 21, 2021 symfony/security-http (Composer)
Passing in a non-string 'html' argument can lead to unsanitized output
CVE-2021-32696 (Moderate severity) was published Jun 18, 2021 striptags (npm)
Improper network isolation in Hashicorp Nomad
CVE-2021-32575 (Moderate severity) was published Jun 24, 2021 github.com/hashicorp/nomad (Go)