GitHub Advisory Database
3,026 advisories
SSRF vulnerability in Apache Airflow
CVE-2020-17513
(Moderate severity)
was published Dec 17, 2020
•
apache-airflow
(pip)
Plain text storage of passwords in Apache Airflow
CVE-2020-17511
(Moderate severity)
was published Dec 17, 2020
•
apache-airflow
(pip)
Command injection in connection-tester
CVE-2020-7781
(Critical severity)
was published Dec 17, 2020
•
connection-tester
(npm)
Prototype pollution in datatables.net
CVE-2020-28458
(High severity)
was published Dec 17, 2020
•
datatables.net
(npm)
Command Injection Vulnerability in systeminformation
CVE-2020-26274
(Moderate severity)
was published Dec 16, 2020
•
systeminformation
(npm)
Denial of Service in ecstatic
CVE-2019-10775
(Moderate severity)
was published Dec 15, 2020
•
ecstatic
(npm)
Denial of Service in i18n
CVE-2020-7791
(Moderate severity)
was published Dec 14, 2020
•
i18n
(NuGet)
Cross-Site Scripting in Grav
GHSA-cvmr-6428-87w9
(Moderate severity)
was published Dec 10, 2020
•
getgrav/grav
(Composer)
Heap out of bounds access in MakeEdge in TensorFlow
CVE-2020-26271
(Low severity)
was published Dec 10, 2020
•
tensorflow
(pip)
CHECK-fail in LSTM with zero-length input in TensorFlow
CVE-2020-26270
(Low severity)
was published Dec 10, 2020
•
tensorflow
(pip)
Write to immutable memory region in TensorFlow
CVE-2020-26268
(Low severity)
was published Dec 10, 2020
•
tensorflow
(pip)
Lack of validation in data format attributes in TensorFlow
CVE-2020-26267
(Low severity)
was published Dec 10, 2020
•
tensorflow
(pip)
Uninitialized memory access in TensorFlow
CVE-2020-26266
(Low severity)
was published Dec 10, 2020
•
tensorflow
(pip)
Prototype Pollution
CVE-2020-7788
(Low severity)
was published Dec 10, 2020
•
ini
(npm)
Information Disclosure in Apache Groovy
CVE-2020-17521
(Moderate severity)
was published Dec 9, 2020
•
org.codehaus.groovy:groovy
(Maven)
Denial of service attack via incorrect parameters in Matrix Synapse
CVE-2020-26257
(Low severity)
was published Dec 9, 2020
•
matrix-synapse
(pip)
user-readable api tokens in systemd units for JupyterHub
CVE-2020-26261
(High severity)
was published Dec 9, 2020
•
jupyterhub-systemdspawner
(pip)
Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability
CVE-2020-26249
(High severity)
was published Dec 8, 2020
•
red-dashboard
(pip)
Disabled Hostname Verification in OpenCast
CVE-2020-26234
(High severity)
was published Dec 8, 2020
•
org.opencastproject:opencast-kernel
(Maven)
Denial of service in fast-csv
CVE-2020-26256
(Low severity)
was published Dec 8, 2020
•
@fast-csv/parse
(npm)
PHP Phar archives could be uploaded by Panel users as content files and executed in Kirby
CVE-2020-26255
(Low severity)
was published Dec 8, 2020
•
getkirby/cms
(Composer)
omniauth-apple allows attacker to fake their email address during authentication
CVE-2020-26254
(Low severity)
was published Dec 8, 2020
•
omniauth-apple
(RubyGems)
Cross-Site Scripting bypass in html-purify
GHSA-5p28-63mc-cgr9
(High severity)
was published Dec 4, 2020
•
html-purify
(npm)
ReDOS vulnerabilities: multiple grammars
GHSA-7wwv-vh3v-89cq
(Moderate severity)
was published Dec 4, 2020
•
@highlightjs/cdn-assets
(npm)
Multiple cryptographic issues in Python oic
CVE-2020-26244
(Moderate severity)
was published Dec 4, 2020
•
oic
(pip)