GitHub Advisory Database

1,946 advisories

The filename of uploaded files vulnerable to stored XSS
CVE-2020-4041 (Moderate severity) was published Jun 9, 2020 bolt/bolt (Composer)
CSRF issue on preview pages
CVE-2020-4040 (High severity) was published Jun 9, 2020 bolt/bolt (Composer)
Reflected XSS in GraphQL Playground React, HTML and Middlewares
CVE-2020-4038 (High severity) was published Jun 9, 2020 graphql-playground-html (npm)
Schema validation rules are not passed to the subscription server, including rules that restrict introspection
GHSA-w42g-7vfc-xf37 (Moderate severity) was published Jun 5, 2020 apollo-server (npm)
Potential XSS vulnerability when passing untrusted input to jQuery HTML manipulation methods
GHSA-v73w-r9xg-7cr9 (Moderate severity) was published Jun 5, 2020 october/october (Composer)
dom4j allows External Entities by default which might enable XXE attacks
CVE-2020-10683 (High severity) was published Jun 5, 2020 org.dom4j:dom4j (Maven)
Arbitrary shell command execution in logkitty
CVE-2020-8149 (High severity) was published Jun 5, 2020 logkitty (npm)
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
CVE-2020-9488 (Moderate severity) was published Jun 5, 2020 org.apache.logging.log4j:log4j (Maven)
Signature wrapping vulnerability in Spring Security
CVE-2020-5407 (Moderate severity) was published Jun 5, 2020 org.springframework.security:spring-security-core (Maven)
Directory traversal attack in Spring Cloud Config
CVE-2020-5410 (Moderate severity) was published Jun 5, 2020 org.springframework.cloud:spring-cloud-config-server (Maven)
Directory traversal attack in Spring Cloud Config
CVE-2020-5405 (Moderate severity) was published Jun 5, 2020 org.springframework.cloud:spring-cloud-config-server (Maven)
File system access via H2 in Apache Ignite
CVE-2020-1963 (Moderate severity) was published Jun 5, 2020 org.apache.ignite:ignite-core (Maven)
Django Rest Framework allows obtaining new token from notionally invalidated token
CVE-2020-10594 (Moderate severity) was published Jun 5, 2020 drf-jwt (pip)
django-nopassword stores secrets in cleartext
CVE-2019-10682 (Moderate severity) was published Jun 5, 2020 django-nopassword (pip)
XSS in Django
CVE-2020-13596 (Moderate severity) was published Jun 5, 2020 django (pip)
Data leakage via cache key collision in Django
CVE-2020-13254 (Moderate severity) was published Jun 5, 2020 django (pip)
SQL injection in Django
CVE-2020-9402 (High severity) was published Jun 5, 2020 django (pip)
Potential unauthorized access to stored request & session data when plugin is misconfigured
CVE-2020-11094 (Moderate severity) was published Jun 3, 2020 rainlab/debugbar-plugin (Composer)
ReDoS vulnerability in Sec-WebSocket-Extensions parser
CVE-2020-7663 (Moderate severity) was published Jun 5, 2020 websocket-extensions (RubyGems)
ReDoS vulnerability in Sec-WebSocket-Extensions parser
CVE-2020-7662 (Moderate severity) was published Jun 5, 2020 websocket-extensions (npm)
Potential CSV Injection vector
CVE-2020-5299 (Moderate severity) was published Jun 3, 2020 october/october (Composer)
Reflected XSS when importing CSV files via the ImportExportController
CVE-2020-5298 (Moderate severity) was published Jun 3, 2020 october/october (Composer)
Arbitrary Upload of Whitelisted File Types by authenticated backend user with cms.manage_assets permission
CVE-2020-5297 (Low severity) was published Jun 3, 2020 october/october (Composer)
Arbitrary File Deletion by authenticated backend user with cms.manage_assets permission
CVE-2020-5296 (Moderate severity) was published Jun 3, 2020 october/october (Composer)
Local File Inclusion by authenticated backend user with cms.manage_assets permission
CVE-2020-5295 (Moderate severity) was published Jun 3, 2020 october/october (Composer)