GitHub Advisory Database
1,714 advisories
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled). CVE-2019-10782, Moderate severity, published Jan 31, 2020. Package: com.puppycrawl.tools:checkstyle (Maven)
Untrusted data can lead to DoS attack due to hash collisions and stack overflow. CVE-2020-5234, Moderate severity, published Jan 31, 2020. Package: MessagePack (NuGet)
Placeholder property does not indicate HTML capable, could lead to inadvertent abuse. CVE-2019-20174, Moderate severity, published Jan 31, 2020. Package: auth0-lock (npm)
Malicious takeover of previously owned ENS names. CVE-2020-5232, Critical severity, published Jan 30, 2020. Package: @ensdomains/ens (npm)
Authentication Bypass For Endpoints With Anonymous Access. CVE-2020-5206, Critical severity, published Jan 30, 2020. Package: org.opencastproject:opencast-kernel (Maven)
Users with ROLE_COURSE_ADMIN can create new users. CVE-2020-5231, Moderate severity, published Jan 30, 2020. Package: org.opencastproject:opencast-kernel (Maven)
Hard-Coded Key Used For Remember-me Token. CVE-2020-5222, Moderate severity, published Jan 30, 2020. Package: org.opencastproject:opencast-kernel (Maven)
Unsafe Identifiers. CVE-2020-5230, Moderate severity, published Jan 30, 2020. Package: org.opencastproject:base (Maven)
Password Hashing: Do not use MD5. CVE-2020-5229, Low severity, published Jan 30, 2020. Package: org.opencastproject:opencast-common-jpa-impl (Maven)
Unauthenticated Access Via OAI-PMH. CVE-2020-5228, High severity, published Jan 30, 2020. Package: org.opencastproject:opencast-oaipmh-api (Maven)
Cross-site scripting vulnerability in TinyMCE. GHSA-27gm-ghr9-4v95, High severity, published Jan 30, 2020. Package: tinymce (npm)
Stored XSS vulnerability. CVE-2019-15607, Low severity, published Jan 30, 2020. Package: node-red (npm)
Feedgen Vulnerable Against XML Denial of Service Attacks. CVE-2020-5227, High severity, published Jan 28, 2020. Package: feedgen (pip)
Unrestricted upload of file with dangerous type in Apache Solr. CVE-2019-12409, High severity, published Jan 28, 2020. Package: org.apache.solr:solr-core (Maven)
Segmentation fault when converting a Python string to `tf.float16`. CVE-2020-5215, High severity, published Jan 28, 2020. Package: tensorflow (pip)
XSS in Dolibarr ERP & CRM. CVE-2020-7996, Moderate severity, published Jan 28, 2020. Package: dolibarr/dolibarr (Composer)
Ability to switch channels via GET parameter enabled in production environments. CVE-2020-5218, Low severity, published Jan 31, 2020. Package: sylius/sylius (Composer)
Ability to define unintended serialisation groups via HTTP header which might lead to data exposure. CVE-2020-5220, Moderate severity, published Jan 31, 2020. Package: sylius/resource-bundle (Composer)
Request smuggling is possible when both chunked TE and content length specified. CVE-2020-5207, Low severity, published Jan 27, 2020. Package: io.ktor:ktor-client-cio (Maven)
Default development error handler is vulnerable to HTML content injection (XSS). CVE-2019-10770, Moderate severity, published Jan 27, 2020. Package: io.ratpack:ratpack-core (Maven)
Incorrect persistent NameID generation. CVE-2017-12873, Moderate severity, published Jan 24, 2020. Package: simplesamlphp/simplesamlphp (Composer)
Incorrect signature verification. CVE-2016-9955, Moderate severity, published Jan 24, 2020. Package: simplesamlphp/simplesamlphp (Composer)
Link injection. GHSA-2r3v-q9x3-7g46, Low severity, published Jan 24, 2020. Package: simplesamlphp/simplesamlphp (Composer)
Cross-site scripting in error reports. CVE-2020-5226, Low severity, published Jan 24, 2020. Package: simplesamlphp/simplesamlphp (Composer)
Log injection. CVE-2020-5225, Low severity, published Jan 24, 2020. Package: simplesamlphp/simplesamlphp (Composer)