GitHub Advisory Database

3,138 advisories

XML External Entity (XXE) Injection in Jackson Databind
CVE-2020-25649 (High severity) was published Feb 18, 2021 com.fasterxml.jackson.core:jackson-databind (Maven)
Path traversal in bolt/core
CVE-2021-27367 (Moderate severity) was published Feb 18, 2021 bolt/core (Composer)
Dynamic modification of RPyC service due to missing security check
CVE-2019-16328 (High severity) was published Feb 17, 2021 rpyc (pip)
Command Injection Vulnerability
CVE-2021-21315 (Moderate severity) was published Feb 16, 2021 systeminformation (npm)
Token verification bug in next-auth
CVE-2021-21310 (Low severity) was published Feb 11, 2021 next-auth (npm)
SSRF by connecting to privileged ports
CVE-2018-7667 (Moderate severity) was published Feb 11, 2021 vrana/adminer (Composer)
SSRF in adminer
CVE-2021-21311 (Low severity) was published Feb 11, 2021 vrana/adminer (Composer)
XSS via the history parameter in SQL command
CVE-2020-35572 (High severity) was published Feb 11, 2021 vrana/adminer (Composer)
Command injection in samba-client
CVE-2021-27185 (Moderate severity) was published Feb 11, 2021 samba-client (npm)
XSS in Adminer
CVE-2020-35572 (Moderate severity) was published Feb 11, 2021 adminer (Composer) • withdrawn
XSS in apexcharts
CVE-2021-23327 (Moderate severity) was published Feb 11, 2021 apexcharts (npm)
File System Bounds Escape
CVE-2020-26299 (Moderate severity) was published Feb 10, 2021 ftp-srv (npm)
Session ID not invalidated after logout
CVE-2021-3311 (Low severity) was published Feb 10, 2021 october/rain (Composer)
Leak of information via Store-API
GHSA-f2vv-h5x4-57gr (Critical severity) was published Feb 10, 2021 shopware/platform (Composer)
Generation of fake documents via public GET-call
GHSA-jvg4-9rc2-wvcr (Low severity) was published Feb 10, 2021 shopware/platform (Composer)
Remote Code Execution in SCIMono
CVE-2021-21479 (High severity) was published Feb 10, 2021 com.sap.scimono:scimono-server (Maven)
Symmetrically encrypting large values can lead to integer overflow
CVE-2020-36242 (Moderate severity) was published Feb 10, 2021 cryptography (pip)
Regular Expression Denial of Service (REDoS) in Marked
CVE-2021-21306 (Moderate severity) was published Feb 8, 2021 marked (npm)
Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files
CVE-2021-21290 (Low severity) was published Feb 8, 2021 io.netty:netty-codec-http (Maven)
Regular Expression Denial of Service (REDoS) in httplib2
CVE-2021-21240 (Low severity) was published Feb 8, 2021 httplib2 (pip)
Code Injection vulnerability in CarrierWave::RMagick
CVE-2021-21305 (Low severity) was published Feb 8, 2021 carrierwave (RubyGems)
Server-side request forgery in CarrierWave
CVE-2021-21288 (Low severity) was published Feb 8, 2021 carrierwave (RubyGems)
Prototype Pollution in Dynamoose
CVE-2021-21304 (Moderate severity) was published Feb 8, 2021 dynamoose (npm)
Key Caching behavior in the DynamoDB Encryption Client.
GHSA-4ph2-8337-hm62 (Low severity) was published Feb 8, 2021 dynamodb-encryption-sdk (pip)
Key Caching behavior in the DynamoDB Encryption Client.
GHSA-w736-hf9p-qqh3 (Low severity) was published Feb 8, 2021 com.amazonaws:aws-dynamodb-encryption-java (Maven)