
GitHub Advisory Database

2,877 advisories

Insert tag injection in forms
CVE-2020-25768 (Moderate severity) was published Sep 24, 2020 contao/core-bundle (Composer)
Validation bypass vulnerability
GHSA-vp9c-fpxx-744v (Low severity) was published Sep 23, 2020 personnummer (RubyGems)
Validation bypass vulnerability
GHSA-q3vw-4jx3-rrr2 (Low severity) was published Sep 23, 2020 dev.personnummer:personnummer (Maven)
Non-persistent XSS in the Storefront
GHSA-qvhr-55hg-3qwv (Low severity) was published Sep 23, 2020 shopware/core (Composer)
RCE in Third Party Library
GHSA-qvc5-cfrr-384v (Low severity) was published Sep 23, 2020 shopware/core (Composer)
Heap Overflow in PyMiniRacer
CVE-2020-25489 (Moderate severity) was published Sep 18, 2020 py-mini-racer (pip)
Potential XSS in jQuery dependency
GHSA-hgwm-pv9h-q5m7 (Moderate severity) was published Sep 18, 2020 mirador (npm)
Security Constraint Bypass in Spring Security
CVE-2016-9879 (High severity) was published Sep 15, 2020 org.springframework.security:spring-security-core (Maven)
Authorization Bypass in Spring Security
CVE-2014-3527 (High severity) was published Sep 15, 2020 org.springframework.security:spring-security-core (Maven)
Unsafe unserialization
CVE-2020-15148 (High severity) was published Sep 15, 2020 yiisoft/yii2 (Composer)
Potential XSS injection with contact form
CVE-2020-15178 (High severity) was published Sep 15, 2020 prestashop/contactform (Composer)
Prototype Pollution in node-forge
CVE-2020-7720 (High severity) was published Sep 14, 2020 node-forge (npm)
XXE in Apache Standard Taglibs
CVE-2015-0254 (High severity) was published Sep 14, 2020 org.apache.taglibs:taglibs-standard (Maven)
Sensitive Data Exposure in Apache Ant
CVE-2020-1945 (Moderate severity) was published Sep 14, 2020 org.apache.ant:ant (Maven)
Azure DevOps token leakage in logs
GHSA-36rh-ggpr-j3gj (Moderate severity) was published Sep 14, 2020 renovate (npm)
Potential XSS vulnerability in Action View
CVE-2020-15169 (Moderate severity) was published Sep 11, 2020 actionview (RubyGems)
Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)
CVE-2018-17145 (High severity) was published Sep 10, 2020 bcoin (npm)
Users with SCRIPT right can access the application server instance manager and create arbitrary Java objects through $request binding
CVE-2020-15171 (Low severity) was published Sep 10, 2020 org.xwiki.platform:xwiki-platform-oldcore (Maven)
The `size` option isn't honored after following a redirect
CVE-2020-15168 (Low severity) was published Sep 10, 2020 node-fetch (npm)
Lack of URL normalization may lead to authorization bypass when URL access rules are used
CVE-2020-24660 (High severity) was published Sep 9, 2020 lemonldap-ng-handler (npm)
Invalid root may become trusted root
CVE-2020-15163 (Low severity) was published Sep 9, 2020 tuf (pip)
Validation bypass vulnerability
GHSA-2p6g-gjp8-ggg9 (Low severity) was published Sep 9, 2020 personnummer/personnummer (Composer)
Validation bypass vulnerability
GHSA-qv8q-v995-72gr (Low severity) was published Sep 9, 2020 personnummer (NuGet)
Validation bypass vulnerability
GHSA-rxq3-5249-8hgg (Low severity) was published Sep 9, 2020 personnummer (pip)
Validation bypass vulnerability
GHSA-vpgc-7h78-gx8f (Low severity) was published Sep 4, 2020 personnummer (npm)
ProTip! Advisories are also available from the GraphQL API.