GitHub Advisory Database
1,598 advisories
Lacks element count during splitting of JWE string
CVE-2019-18848 (Moderate severity), published Nov 14, 2019 • json-jwt (RubyGems)
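The json-jwt entry above names a structural check that was missing: the compact-serialized JWE string was split on "." without verifying how many segments came out. RFC 7515 fixes the JWS compact form at three dot-separated segments and RFC 7516 fixes the JWE compact form at five, so a splitter that does not enforce the count hands misaligned or nil segments to the stages that follow. The Ruby below is an added example, not json-jwt's code, of a splitter that enforces the segment count and the base64url alphabet before any segment is decoded; the JoseCompact module, its method names and the sample tokens are assumptions constructed for this example.

```ruby
# Added example, not json-jwt's code: structural validation of JOSE compact
# serialization before any segment is decoded or any key material is touched.
# RFC 7515 (JWS) compact form has exactly 3 dot-separated segments;
# RFC 7516 (JWE) compact form has exactly 5. A splitter that does not check
# the count (the defect named in CVE-2019-18848) passes misaligned segments
# on, so a 3-segment token handled as a JWE has nil ciphertext and tag.
require 'json'

module JoseCompact
  class MalformedToken < StandardError; end

  JWS_SEGMENTS = 3
  JWE_SEGMENTS = 5
  # base64url alphabet, unpadded (RFC 7515 section 2). An empty segment is
  # allowed because JWE "dir" key management yields an empty encrypted key.
  SEGMENT_RE = /\A[A-Za-z0-9\-_]*\z/

  # Split a compact token and enforce the expected segment count and alphabet.
  # Raises MalformedToken rather than silently padding or dropping segments.
  def self.split(token, expected)
    raise MalformedToken, 'token must be a String' unless token.is_a?(String)
    # limit -1 keeps trailing empty fields, so "a.b.c." counts as 4 segments
    parts = token.split('.', -1)
    unless parts.length == expected
      raise MalformedToken, "expected #{expected} segments, got #{parts.length}"
    end
    parts.each_with_index do |seg, i|
      raise MalformedToken, "segment #{i} is not base64url" unless seg.match?(SEGMENT_RE)
    end
    parts
  end

  def self.b64url_encode(bytes)
    [bytes].pack('m0').tr('+/', '-_').delete('=')
  end

  def self.b64url_decode(seg)
    padded = seg + '=' * ((4 - seg.length % 4) % 4)
    padded.tr('-_', '+/').unpack1('m0') # strict mode rejects stray characters
  rescue ArgumentError
    raise MalformedToken, 'segment is not valid base64url'
  end

  # Classify a token by segment count, validate it structurally and parse the
  # protected header. Signature verification or decryption would follow,
  # operating only on parts that passed this stage.
  def self.parse(token)
    count = token.split('.', -1).length
    kind = { JWS_SEGMENTS => :jws, JWE_SEGMENTS => :jwe }.fetch(count) do
      raise MalformedToken, "#{count} segments is neither JWS nor JWE"
    end
    parts = split(token, count)
    header = JSON.parse(b64url_decode(parts[0]))
    raise MalformedToken, 'protected header must be a JSON object' unless header.is_a?(Hash)
    raise MalformedToken, 'header missing alg' unless header['alg'].is_a?(String)
    if kind == :jwe && !header['enc'].is_a?(String)
      raise MalformedToken, 'JWE header missing enc'
    end
    { kind: kind, header: header, segments: parts }
  rescue JSON::ParserError
    raise MalformedToken, 'protected header is not JSON'
  end
end

if $PROGRAM_NAME == __FILE__
  # constructed sample tokens; signature, IV, ciphertext and tag are placeholders
  jws = [JoseCompact.b64url_encode('{"alg":"HS256"}'),
         JoseCompact.b64url_encode('{"sub":"alice"}'), 'c2ln'].join('.')
  jwe = [JoseCompact.b64url_encode('{"alg":"dir","enc":"A256GCM"}'),
         '', 'aXY', 'Y3Q', 'dGFn'].join('.')
  puts JoseCompact.parse(jws)[:kind]
  puts JoseCompact.parse(jwe)[:kind]
  begin
    JoseCompact.split(jws, JoseCompact::JWE_SEGMENTS)
  rescue JoseCompact::MalformedToken => e
    puts "rejected: #{e.message}"
  end
end
```

The count check happens on the raw string, before base64url decoding and before the header's alg or enc is consulted, so a token of the wrong shape never reaches key selection or decryption code. Splitting with a limit of -1 matters: Ruby's default split drops trailing empty strings, which would let a token with a trailing dot pass a count check it should fail.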
Malicious payload execution possible due to polymorphic typing issue
CVE-2019-17531 (Critical severity), published Nov 13, 2019 • com.fasterxml.jackson.core:jackson-databind (Maven)

Malicious payload execution possible due to polymorphic typing issue
CVE-2019-16943 (Moderate severity), published Nov 13, 2019 • com.fasterxml.jackson.core:jackson-databind (Maven)

Unpublished versions of files are publicly exposed to anyone who can guess their URL
CVE-2019-16409 (Moderate severity), published Nov 12, 2019 • symbiote/silverstripe-versionedfiles (Composer)

Access escalation for CMS users with limited access through permission cache pollution
CVE-2019-12617 (Moderate severity), published Nov 12, 2019 • silverstripe/framework (Composer)

Incorrect access control for protected files uploaded via Upload::loadIntoFile()
CVE-2019-12245 (Moderate severity), published Nov 12, 2019 • silverstripe/framework (Composer)

SilverStripe through 4.3.3 allows session fixation in the "change password" form
CVE-2019-12203 (Moderate severity), published Nov 12, 2019 • silverstripe/framework (Composer)

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine
CVE-2019-13234 (Moderate severity), published Nov 12, 2019 • org.opencms:opencms-core (Maven)

Multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources
CVE-2019-13237 (Moderate severity), published Nov 12, 2019 • org.opencms:opencms-core (Maven)

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form
CVE-2019-13235 (Moderate severity), published Nov 12, 2019 • org.opencms:opencms-core (Maven)

Multiple Reflected and Stored XSS issues in the management interface
CVE-2019-13236 (Moderate severity), published Nov 12, 2019 • org.opencms:opencms-core (Maven)

XML entity injection vulnerability possible via crafted document type definition
CVE-2019-8126 (Moderate severity), published Nov 12, 2019 • magento/community-edition (Composer)

Outdated versions of JS libraries used with known security vulnerabilities
CVE-2019-8121 (Moderate severity), published Nov 12, 2019 • magento/community-edition (Composer)

Remote code execution possible via service identifiers derived from user controlled data
CVE-2019-8135 (Moderate severity), published Nov 12, 2019 • magento/community-edition (Composer)

User with privileges to generate sitemaps can bypass configuration that restricts directory access
CVE-2019-8133 (Moderate severity), published Nov 12, 2019 • magento/community-edition (Composer)

Authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products
CVE-2019-8145 (Moderate severity), published Nov 12, 2019 • magento/community-edition (Composer)

Unauthenticated user can inject arbitrary JavaScript code as a result of sanitization engine ignoring HTML comments
CVE-2019-8233 (Moderate severity), published Nov 12, 2019 • magento/community-edition (Composer)

Validation messages are not escaped which can lead to XSS when user input is included
CVE-2019-10909 (Moderate severity), published Nov 12, 2019 • symfony/framework-bundle (Composer)

Elevated privileges or user impersonation possible due to incorrect validation of cryptographic signatures in XML messages
CVE-2019-3465 (Critical severity), published Nov 8, 2019 • robrichards/xmlseclibs (Composer)

Default Express middleware security check is ignored in production
GHSA-4j6x-w426-6rc6 (High severity), published Nov 8, 2019 • @cubejs-backend/api-gateway (npm)

SQL injection possible due to JSON path keys not being properly sanitized
CVE-2019-10749 (High severity), published Nov 8, 2019 • sequelize (npm)

Potential XSS in Jupyter Notebook
CVE-2018-21030 (Moderate severity), published Nov 8, 2019 • notebook (pip)

Potential privilege escalation in Apache CXF OpenId Connect services
CVE-2019-12419 (High severity), published Nov 8, 2019 • org.apache.cxf:cxf (Maven)

Potential denial of service in Apache CXF message attachments
CVE-2019-12406 (Moderate severity), published Nov 8, 2019 • org.apache.cxf:cxf (Maven)

SQL injection possible due to JSON path keys not being properly escaped
CVE-2019-10748 (High severity), published Nov 6, 2019 • sequelize (npm)