GitHub Advisory Database

1,657 advisories

Unrestricted file uploads
CVE-2019-19745 (High severity) was published Dec 17, 2019 contao/core-bundle (Composer)
Information disclosure in the back end
CVE-2019-19712 (Moderate severity) was published Dec 17, 2019 contao/core-bundle (Composer)
Insert tag injection in the login module
CVE-2019-19714 (Moderate severity) was published Dec 17, 2019 contao/core-bundle (Composer)
A single version of twisted does not respect the trustedRoot setting
CVE-2014-7143 (Moderate severity) was published Dec 17, 2019 twisted (pip)
Heap buffer overflow in `UnsortedSegmentSum`
CVE-2019-16778 (Low severity) was published Dec 16, 2019 tensorflow (pip)
Interrupted Persistent Connections May Leak Response Data
CVE-2019-16779 (Low severity) was published Dec 16, 2019 excon (RubyGems)
The lodahs package for Node.js is a Trojan horse
CVE-2019-19771 (Critical severity) was published Dec 16, 2019 lodahs (npm)
Arbitrary File Overwrite
CVE-2019-16777 (Low severity) was published Dec 13, 2019 npm (npm)
Arbitrary File Write
CVE-2019-16776 (Low severity) was published Dec 13, 2019 npm (npm)
Unauthorized File Access
CVE-2019-16775 (Low severity) was published Dec 13, 2019 npm (npm)
Object injection in cookie driver
CVE-2019-16774 (High severity) was published Dec 12, 2019 phpfastcache/phpfastcache (Composer)
Remote Code Execution Vulnerability due to Sandbox Bypass
CVE-2019-10769 (Critical severity) was published Dec 11, 2019 safer-eval (npm)
regular expressions Cross-Site Scripting (XSS) vulnerability
CVE-2019-16772 (Moderate severity) was published Dec 6, 2019 serialize-to-js (npm)
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CVE-2019-16771 (Moderate severity) was published Dec 6, 2019 com.linecorp.armeria:armeria (Maven)
Internal exception message exposure for login action
CVE-2019-16768 (Low severity) was published Dec 5, 2019 sylius/sylius (Composer)
Keepalive thread overload/DoS
CVE-2019-16770 (Moderate severity) was published Dec 5, 2019 puma (RubyGems)
regular expressions Cross-Site Scripting (XSS) vulnerability
CVE-2019-16769 (Moderate severity) was published Dec 5, 2019 serialize-javascript (npm)
Multiple timing attack vulnerabilities leading to the recovery of secrets based on the use of non-constant time compare function
CVE-2019-16771 (Low severity) was published Dec 5, 2019 com.linecorp.armeria:armeria (Maven)
Validation bypass is possible in Json Pattern Validator
CVE-2019-19507 (Moderate severity) was published Dec 4, 2019 jpv (npm)
Django allows unintended model editing
CVE-2019-19118 (Moderate severity) was published Dec 4, 2019 django (pip)
Strapi mishandles password resets
CVE-2019-18818 (Moderate severity) was published Dec 2, 2019 strapi (npm)
Apache NiFi user log out issue
CVE-2019-12421 (Moderate severity) was published Dec 2, 2019 org.apache.nifi:nifi (Maven)
Apache NiFi process group information disclosure
CVE-2019-10083 (Moderate severity) was published Dec 2, 2019 org.apache.nifi:nifi (Maven)
Apache NiFi information disclosure by XXE
CVE-2019-10080 (Moderate severity) was published Dec 2, 2019 org.apache.nifi:org.apache.nifi:nifi (Maven)
Pomelo allows external control of critical state data
CVE-2019-18954 (Moderate severity) was published Dec 2, 2019 pomelo (npm)