GitHub Advisory Database
2,870 advisories
Security Constraint Bypass in Spring Security
CVE-2016-9879
(High severity)
was published Sep 15, 2020
•
org.springframework.security:spring-security-core
(Maven)
Authorization Bypass in Spring Security
CVE-2014-3527
(High severity)
was published Sep 15, 2020
•
org.springframework.security:spring-security-core
(Maven)
Unsafe unserialization
CVE-2020-15148
(High severity)
was published Sep 15, 2020
•
yiisoft/yii2
(Composer)
Potential XSS injection with contact form
CVE-2020-15178
(High severity)
was published Sep 15, 2020
•
prestashop/contactform
(Composer)
Prototype Pollution in node-forge
CVE-2020-7720
(High severity)
was published Sep 14, 2020
•
node-forge
(npm)
XXE in Apache Standard Taglibs
CVE-2015-0254
(High severity)
was published Sep 14, 2020
•
org.apache.taglibs:taglibs-standard
(Maven)
Sensitive Data Exposure in Apache Ant
CVE-2020-1945
(Moderate severity)
was published Sep 14, 2020
•
org.apache.ant:ant
(Maven)
Azure DevOps token leakage in logs
GHSA-36rh-ggpr-j3gj
(Moderate severity)
was published Sep 14, 2020
•
renovate
(npm)
Potential XSS vulnerability in Action View
CVE-2020-15169
(Moderate severity)
was published Sep 11, 2020
•
actionview
(RubyGems)
Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)
CVE-2018-17145
(High severity)
was published Sep 10, 2020
•
bcoin
(npm)
Users with SCRIPT right can access the application server instance manager and create arbitrary Java objects through $request binding
CVE-2020-15171
(Low severity)
was published Sep 10, 2020
•
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
The `size` option isn't honored after following a redirect
CVE-2020-15168
(Low severity)
was published Sep 10, 2020
•
node-fetch
(npm)
Lack of URL normalization may lead to authorization bypass when URL access rules are used
CVE-2020-24660
(High severity)
was published Sep 9, 2020
•
lemonldap-ng-handler
(npm)
Invalid root may become trusted root
CVE-2020-15163
(Low severity)
was published Sep 9, 2020
•
tuf
(pip)
Validation bypass vulnerability
GHSA-2p6g-gjp8-ggg9
(Low severity)
was published Sep 9, 2020
•
personnummer/personnummer
(Composer)
Validation bypass vulnerability
GHSA-qv8q-v995-72gr
(Low severity)
was published Sep 9, 2020
•
personnummer
(NuGet)
Validation bypass vulnerability
GHSA-rxq3-5249-8hgg
(Low severity)
was published Sep 9, 2020
•
personnummer
(pip)
Validation bypass vulnerability
GHSA-vpgc-7h78-gx8f
(Low severity)
was published Sep 4, 2020
•
personnummer
(npm)
Information Disclosure and Broken Access Control in Backend Module
CVE-2020-25026
(Moderate severity)
was published Sep 2, 2020
•
derhansen/sf_event_mgt
(Composer)
Prevent RCE when calling untrusted remote with CachingHttpClient
CVE-2020-15094
(High severity)
was published Sep 2, 2020
•
symfony/http-kernel
(Composer)
Remote Memory Exposure in bl
CVE-2020-8244
(High severity)
was published Sep 2, 2020
•
bl
(npm)
Command Injection in bestzip
GHSA-4qqc-mp5f-ccv4
(Critical severity)
was published Sep 2, 2020
•
bestzip
(npm)
Improper Authorization in @sap-cloud-sdk/core
GHSA-r2vw-jgq9-jqx2
(High severity)
was published Sep 3, 2020
•
@sap-cloud-sdk/core
(npm)
Remote Code Execution in next
GHSA-5vj8-3v2h-h38v
(High severity)
was published Sep 4, 2020
•
next
(npm)
Cross-Site Scripting in bootstrap-select
GHSA-9r7h-6639-v5mw
(High severity)
was published Sep 3, 2020
•
bootstrap-select
(npm)
ProTip! Advisories are also available from the GraphQL API.