GitHub Advisory Database
2,009 advisories

Context isolation bypass via Promise.then bug in V8
CVE-2020-15096 (Low severity) was published Jul 7, 2020 • electron (npm)

Context isolation bypass via leaked cross-context objects
CVE-2020-4076 (High severity) was published Jul 7, 2020 • electron (npm)

Context isolation bypass via contextBridge
CVE-2020-4077 (High severity) was published Jul 7, 2020 • electron (npm)

Arbitrary file read via window-open IPC
CVE-2020-4075 (Moderate severity) was published Jul 7, 2020 • electron (npm)

Directory traversal in Rack::Directory app bundled with Rack
CVE-2020-8161 (Moderate severity) was published Jul 6, 2020 • rack (RubyGems)

Potential self-XSS when pasting content from malicious websites
CVE-2020-4061 (Low severity) was published Jul 2, 2020 • october/october (Composer)

XML external entity injection in Terracotta Quartz Scheduler
CVE-2019-13990 (Moderate severity) was published Jul 1, 2020 • org.quartz-scheduler:quartz (Maven)

Directory traversal in Apache RocketMQ
CVE-2019-17572 (Moderate severity) was published Jul 1, 2020 • org.apache.rocketmq:rocketmq-broker (Maven)

Privilege escalation in mysql-connector-java
CVE-2019-2692 (Moderate severity) was published Jul 1, 2020 • mysql:mysql-connector-java (Maven)

XML External Entity Injection in XStream
CVE-2016-3674 (High severity) was published Jun 30, 2020 • com.thoughtworks.xstream:xstream (Maven)

Denial of service in XStream
CVE-2017-7957 (High severity) was published Jun 30, 2020 • com.thoughtworks.xstream:xstream (Maven)

Information Exposure in Netty
CVE-2015-2156 (High severity) was published Jun 30, 2020 • io.netty:netty-handler (Maven)

Denial of service in Netty
CVE-2014-3488 (Moderate severity) was published Jun 30, 2020 • io.netty:netty-handler (Maven)

Deserialization of Untrusted Data in jackson-databind
CVE-2018-5968 (High severity) was published Jun 30, 2020 • com.fasterxml.jackson.core:jackson-databind (Maven)

Privilege escalation for internal APIs
CVE-2020-15087 (High severity) was published Jun 30, 2020 • io.prestosql:presto-server (Maven)

auth bypass in express-jwt
CVE-2020-15084 (High severity) was published Jun 30, 2020 • express-jwt (npm)

2020.03.31 ECDSA signature vulnerability of Minerva timing attack
GHSA-g753-jx37-7xwh (Moderate severity) was published Jun 30, 2020 • jsrsasign (npm)

2020.06.22 CVE-2020-14966 ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding
CVE-2020-14966 (Moderate severity) was published Jun 26, 2020 • jsrsasign (npm)

CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2019-16303 (Critical severity) was published Jun 26, 2020 • generator-jhipster-kotlin (npm)

2020.06.22 CVE-2020-14967 RSA RSAES-PKCS1-v1_5 and RSA-OAEP decryption vulnerability with prepending zeros
CVE-2020-14967 (Low severity) was published Jun 26, 2020 • jsrsasign (npm)

2020.06.22 CVE-2020-14968 RSA-PSS signature validation vulnerability by prepending zeros
CVE-2020-14968 (Low severity) was published Jun 26, 2020 • jsrsasign (npm)

Log Forging Vulnerability
CVE-2020-4072 (Moderate severity) was published Jun 25, 2020 • generator-jhipster-kotlin (npm)

Untrusted users can run pending migrations in production in Rails
CVE-2020-8185 (Low severity) was published Jun 24, 2020 • actionpack (RubyGems)

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
CVE-2020-8184 (High severity) was published Jun 24, 2020 • rack (RubyGems)

Potential timing attack on apps using basic authentication
CVE-2020-4071 (Low severity) was published Jun 23, 2020 • django-basic-auth-ip-whitelist (pip)

ProTip! Advisories are also available from the GraphQL API.