GitHub Advisory Database

1,841 advisories

Various SQL injection attacks have been mitigated.
CVE-2020-11010 (Moderate severity) was published Apr 20, 2020 tortoise-orm (pip)
man-in-the-middle attack in lix
CVE-2020-10800 (Moderate severity) was published Apr 16, 2020 lix (npm)
Insufficiently random GUIDs in node-uuid
CVE-2015-8851 (Moderate severity) was published Apr 16, 2020 node-uuid (npm)
XSS in sanitize-html
CVE-2016-1000237 (Moderate severity) was published Apr 16, 2020 sanitize-html (npm)
CSRF and DNS Rebinding
CVE-2020-11003 (Moderate severity) was published Apr 16, 2020 @fraction/oasis (npm)
Improper Restriction of Rendered UI Layers or Frames in Keycloak
CVE-2020-1728 (Moderate severity) was published Apr 15, 2020 org.keycloak:keycloak-core (Maven)
Predictable password in Keycloak
CVE-2020-1731 (High severity) was published Apr 15, 2020 org.keycloak:keycloak-core (Maven)
XSS in Keycloak
CVE-2020-1697 (Low severity) was published Apr 15, 2020 org.keycloak:keycloak-core (Maven)
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
CVE-2019-14820 (Moderate severity) was published Apr 15, 2020 org.keycloak:keycloak-core (Maven)
XSS injection in the Grid component of Sylius
CVE-2019-12186 (Moderate severity) was published Apr 15, 2020 sylius/grid (Composer)
Possible XSS attack via page revision comparison view
CVE-2020-11001 (Moderate severity) was published Apr 14, 2020 wagtail (pip)
Internal NCryptDecrypt method could be used by other libraries as well.
CVE-2020-11005 (Critical severity) was published Apr 14, 2020 HaemmerElectronics.SeppPenner.WindowsHello (NuGet)
OS Command Injection in devcert-sanscache
CVE-2019-10778 (High severity) was published Apr 14, 2020 devcert-sanscache (npm)
Persistent Cross-Site scripting in Nexus Repository Manager
CVE-2020-10203 (Low severity) was published Apr 14, 2020 org.sonatype.nexus:nexus-core (Maven)
Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager
CVE-2020-10204 (High severity) was published Apr 14, 2020 org.sonatype.nexus:nexus-core (Maven)
Nexus Repository Manager 3 - Remote Code Execution
CVE-2020-10199 (High severity) was published Apr 14, 2020 org.sonatype.nexus:nexus-extdirect (Maven)
Remote Code Execution (RCE) vulnerability in dropwizard-validation <2.0.3
CVE-2020-11002 (High severity) was published Apr 10, 2020 io.dropwizard:dropwizard-validation (Maven)
Information disclosure through error object
CVE-2020-5263 (High severity) was published Apr 10, 2020 auth0-js (npm)
confinit vulnerable to prototype pollution
CVE-2020-7638 (Moderate severity) was published Apr 7, 2020 confinit (npm)
Prototype pollution in class-transformer
CVE-2020-7637 (Moderate severity) was published Apr 7, 2020 class-transformer (npm)
Regular Expression Denial of Service in Acorn
GHSA-6chw-6frg-f759 (Moderate severity) was published Apr 3, 2020 acorn (npm)
Prototype pollution in minimist
CVE-2020-7598 (High severity) was published Apr 3, 2020 minimist (npm)
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CVE-2020-7622 (Moderate severity) was published Apr 3, 2020 io.jooby:jooby-netty (Maven)
Uncontrolled Resource Consumption in Pillow
CVE-2019-19911 (Moderate severity) was published Apr 1, 2020 Pillow (pip)
XSS in seeftl
CVE-2019-15603 (Moderate severity) was published Apr 1, 2020 seeftl (npm)