GitHub Advisory Database

3,064 advisories

rails_admin ruby gem XSS vulnerability
CVE-2020-36190 (Moderate severity) was published Jan 14, 2021 rails_admin (RubyGems)
.dev domains and some reverse proxy setups were treated as local in Kirby
CVE-2020-26253 (Low severity) was published Jan 14, 2021 getkirby/cms (Composer)
Signature validation bypass in ServiceStack
CVE-2020-28042 (Moderate severity) was published Jan 13, 2021 ServiceStack (NuGet)
XSS in hello.js
CVE-2020-7741 (Critical severity) was published Jan 13, 2021 hellojs (npm)
Regular Expression Denial of Service in jquery-validation
CVE-2021-21252 (Moderate severity) was published Jan 13, 2021 jquery-validation (npm)
Command injection in ts-process-promises
CVE-2020-7784 (Critical severity) was published Jan 13, 2021 ts-process-promises (npm)
Command injection in buns
CVE-2020-7794 (Critical severity) was published Jan 13, 2021 buns (npm)
CSRF can expose users authentication token
CVE-2021-21241 (High severity) was published Jan 11, 2021 Flask-Security-Too (pip)
Injection/XSS in Redcarpet
CVE-2020-26298 (Moderate severity) was published Jan 11, 2021 redcarpet (RubyGems)
XSS in lxml
CVE-2020-27783 (Moderate severity) was published Jan 7, 2021 lxml (pip)
Path Traversal in Apache Flink
CVE-2020-17519 (Moderate severity) was published Jan 6, 2021 org.apache.flink:flink-runtime_2.11 (Maven)
Cross-site scripting vulnerability in TinyMCE
GHSA-w7jx-j77m-wp65 (Moderate severity) was published Jan 6, 2021 tinymce (npm)
Regex denial of service vulnerability in codesample plugin
GHSA-h96f-fc7c-9r55 (Low severity) was published Jan 6, 2021 tinymce (npm)
Regular Expression Denial of Service in CairoSVG
CVE-2021-21236 (Moderate severity) was published Jan 6, 2021 CairoSVG (pip)
Directory Traversal in spring-boot-actuator-logview
CVE-2021-21234 (High severity) was published Jan 5, 2021 eu.hinsch:spring-boot-actuator-logview (Maven)
Server-Side Request Forgery in Axios
CVE-2020-28168 (High severity) was published Jan 4, 2021 axios (npm)
XSS in HtmlSanitizer
CVE-2020-26293 (Low severity) was published Jan 4, 2021 HtmlSanitizer (NuGet)
Hostname spoofing via backslashes in URL
CVE-2020-26291 (Moderate severity) was published Dec 30, 2020 urijs (npm)
XSS in Vega
CVE-2020-26296 (Low severity) was published Dec 30, 2020 vega (npm)
XXE in Nokogiri
CVE-2020-26247 (Low severity) was published Dec 30, 2020 nokogiri (RubyGems)
Parse Server stores password in plain text
CVE-2020-26288 (Low severity) was published Dec 28, 2020 parse-server (npm)
Server-Side Template Injection
CVE-2020-26282 (High severity) was published Dec 24, 2020 com.browserup:browserup-proxy (Maven)
regular expression denial of service (ReDoS)
CVE-2020-26289 (High severity) was published Dec 24, 2020 date-and-time (npm)
Open redirect vulnerability
CVE-2020-26275 (Low severity) was published Dec 21, 2020 jupyter-server (pip)
Authenticated Server Side Request Forgery
GHSA-8pfh-mm2g-hmc3 (Low severity) was published Dec 21, 2020 shopware/core (Composer)