GitHub Advisory Database

1,943 advisories

Schema validation rules are not passed to the subscription server, including rules that restrict introspection
GHSA-w42g-7vfc-xf37 (Moderate severity) was published Jun 5, 2020 apollo-server (npm)
Potential XSS vulnerability when passing untrusted input to jQuery HTML manipulation methods
GHSA-v73w-r9xg-7cr9 (Moderate severity) was published Jun 5, 2020 october/october (Composer)
dom4j allows External Entities by default which might enable XXE attacks
CVE-2020-10683 (High severity) was published Jun 5, 2020 org.dom4j:dom4j (Maven)
Arbitrary shell command execution in logkitty
CVE-2020-8149 (High severity) was published Jun 5, 2020 logkitty (npm)
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
CVE-2020-9488 (Moderate severity) was published Jun 5, 2020 org.apache.logging.log4j:log4j (Maven)
Signature wrapping vulnerability in Spring Security
CVE-2020-5407 (Moderate severity) was published Jun 5, 2020 org.springframework.security:spring-security-core (Maven)
Directory traversal attack in Spring Cloud Config
CVE-2020-5410 (Moderate severity) was published Jun 5, 2020 org.springframework.cloud:spring-cloud-config-server (Maven)
Directory traversal attack in Spring Cloud Config
CVE-2020-5405 (Moderate severity) was published Jun 5, 2020 org.springframework.cloud:spring-cloud-config-server (Maven)
File system access via H2 in Apache Ignite
CVE-2020-1963 (Moderate severity) was published Jun 5, 2020 org.apache.ignite:ignite-core (Maven)
Django Rest Framework allows obtaining new token from notionally invalidated token
CVE-2020-10594 (Moderate severity) was published Jun 5, 2020 drf-jwt (pip)
django-nopassword stores secrets in cleartext
CVE-2019-10682 (Moderate severity) was published Jun 5, 2020 django-nopassword (pip)
XSS in Django
CVE-2020-13596 (Moderate severity) was published Jun 5, 2020 django (pip)
Data leakage via cache key collision in Django
CVE-2020-13254 (Moderate severity) was published Jun 5, 2020 django (pip)
SQL injection in Django
CVE-2020-9402 (High severity) was published Jun 5, 2020 django (pip)
Potential unauthorized access to stored request & session data when plugin is misconfigured
CVE-2020-11094 (Moderate severity) was published Jun 3, 2020 rainlab/debugbar-plugin (Composer)
ReDoS vulnerability in Sec-WebSocket-Extensions parser
CVE-2020-7663 (Moderate severity) was published Jun 5, 2020 websocket-extensions (RubyGems)
ReDoS vulnerability in Sec-WebSocket-Extensions parser
CVE-2020-7662 (Moderate severity) was published Jun 5, 2020 websocket-extensions (npm)
Potential CSV Injection vector
CVE-2020-5299 (Moderate severity) was published Jun 3, 2020 october/october (Composer)
Reflected XSS when importing CSV files via the ImportExportController
CVE-2020-5298 (Moderate severity) was published Jun 3, 2020 october/october (Composer)
Arbitrary Upload of Whitelisted File Types by authenticated backend user with cms.manage_assets permission
CVE-2020-5297 (Low severity) was published Jun 3, 2020 october/october (Composer)
Arbitrary File Deletion by authenticated backend user with cms.manage_assets permission
CVE-2020-5296 (Moderate severity) was published Jun 3, 2020 october/october (Composer)
Local File Inclusion by authenticated backend user with cms.manage_assets permission
CVE-2020-5295 (Moderate severity) was published Jun 3, 2020 october/october (Composer)
DoS or local data modification via malicious record IDs
CVE-2020-4035 (Moderate severity) was published Jun 3, 2020 @nozbe/watermelondb (npm)
Arbitrary File Read in Snyk Broker
CVE-2020-7652 (Moderate severity) was published Jun 3, 2020 snyk-broker (npm)
Arbitrary File Read in Snyk Broker
CVE-2020-7653 (Moderate severity) was published Jun 3, 2020 snyk-broker (npm)