GitHub Advisory Database

The latest security vulnerabilities from the world of open source software.

4,348 advisories

Utils.readChallengeTx does not verify the server account signature
CVE-2021-32738 (Moderate severity) was published Jul 2, 2021 stellar-sdk (npm)
leighmcculloch
XSS Injection in Media Collection Title was possible
CVE-2021-32737 (Low severity) was published Jul 2, 2021 sulu/sulu (Composer)
A user without PR can reset user authentication failures information
CVE-2021-32729 (Low severity) was published Jul 2, 2021 org.xwiki.platform:xwiki-platform-security-authentication-script (Maven)
No CSRF protection on the password change form
CVE-2021-32730 (Moderate severity) was published Jul 2, 2021 org.xwiki.platform:xwiki-platform-administration-ui (Maven)
The reset password form reveals users' email addresses
CVE-2021-32731 (Moderate severity) was published Jul 2, 2021 org.xwiki.platform:xwiki-platform-web (Maven)
Cross-site scripting (XSS) from field and configuration text displayed in the Panel
CVE-2021-32735 (High severity) was published Jul 2, 2021 getkirby/cms (Composer)
hdodov
XML Entity Expansion
CVE-2021-25951 (High severity) was published Jul 2, 2021 XML2Dict (pip)
Remote code injection
CVE-2021-27903 (Critical severity) was published Jul 2, 2021 craftcms/cms (Composer)
Cross-site Scripting
CVE-2021-27902 (Moderate severity) was published Jul 2, 2021 craftcms/cms (Composer)
Improper Restriction of XML External Entity Reference
CVE-2021-21672 (Moderate severity) was published Jul 2, 2021 org.jenkins-ci.plugins:seleniumhtmlreport (Maven)
Cached redirect poisoning via X-Forwarded-Host header
CVE-2021-29479 (High severity) was published Jul 1, 2021 io.ratpack:ratpack-core (Maven)
JLLeitschuh
Default client side session signing key is highly predictable
CVE-2021-29480 (Moderate severity) was published Jul 1, 2021 io.ratpack:ratpack-session (Maven)
JLLeitschuh
Unencrypted storage of client side sessions
CVE-2021-29481 (Moderate severity) was published Jul 1, 2021 io.ratpack:ratpack-session (Maven)
JLLeitschuh
Remote Code Execution Vulnerability in Session Storage
CVE-2021-29485 (Critical severity) was published Jul 1, 2021 io.ratpack:ratpack-core (Maven)
JLLeitschuh
Open Redirect in github.com/AndrewBurian/powermux
CVE-2021-32721 (Moderate severity) was published Jul 1, 2021 github.com/AndrewBurian/powermux (Go)
Code injection in Narou
CVE-2021-35514 (High severity) was published Jul 2, 2021 narou (RubyGems)
Prototype Pollution in think-helper
CVE-2021-32736 (High severity) was published Jul 1, 2021 think-helper (npm)
Yoshino-s
Resource exhaustion in Spring Security
CVE-2021-22119 (High severity) was published Jul 2, 2021 org.springframework.security:spring-security-core (Maven)
Arbitrary Command Injection
CVE-2021-23399 (Critical severity) was published Jun 29, 2021 wincred (npm)
API information disclosure flaw in Elasticsearch
CVE-2021-22135 (Moderate severity) was published Jul 2, 2021 org.elasticsearch:elasticsearch (Maven)
List of order ids, number, items total and token value exposed to unauthorized users via new API
CVE-2021-32720 (Moderate severity) was published Jun 29, 2021 sylius/sylius (Composer)
nickvanderzwet
Regular Expression Denial of Service (ReDoS) in Prism
CVE-2021-32723 (High severity) was published Jun 28, 2021 prismjs (npm)
XXE vulnerability in Launch import
CVE-2020-12642 (High severity) was published Jun 28, 2021 com.epam.reportportal:service-api (Maven)
Reflected XSS from the callback handler's error query parameter
CVE-2021-32702 (High severity) was published Jun 28, 2021 @auth0/nextjs-auth0 (npm)
inian git-ishanpatel
Missing Authentication for Critical Function
CVE-2021-32709 (Moderate severity) was published Jun 29, 2021 shopware/platform (Composer)