GitHub Advisory Database
2,950 advisories
Advisory | Identifier | Severity | Published | Package (ecosystem)
Cross-site Scripting in Strapi | CVE-2020-27666 | High | Oct 29, 2020 | strapi-plugin-content-manager (npm)
Improper Authorization in Strapi | CVE-2020-27665 | Moderate | Oct 29, 2020 | strapi-plugin-content-type-builder (npm)
CLI does not correctly implement strict mode | GHSA-2xwp-m7mq-7q3r | Low | Oct 28, 2020 | aws-encryption-sdk-cli (pip)
command injection vulnerability | GHSA-fj59-f6c3-3vw4 | Moderate | Oct 27, 2020 | systeminformation (npm)
HMAC-SHA1 signatures can bypass validation via key confusion | GHSA-c27r-x354-4m68 | High | Oct 27, 2020 | xml-crypto (npm)
RSA decryption vulnerable to Bleichenbacher timing vulnerability | CVE-2020-25659 | Moderate | Oct 27, 2020 | cryptography (pip)
command injection vulnerability | CVE-2020-7752 | Moderate | Oct 27, 2020 | systeminformation (npm)
Unauthorized privilege escalation in Mod module | GHSA-mp9m-g7qj-6vqr | Moderate | Oct 27, 2020 | red-discordbot (pip)
Heap overflow in the freetype library (CVE-2020-15999) | CVE-2020-15999 | Critical | Oct 27, 2020 | CefSharp.Common (NuGet)
Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs | GHSA-r82c-j4mq-5xfw | High | Oct 27, 2020 | bitlyshortener (pip)
Arbitrary Code Execution in blazar-dashboard | CVE-2020-26943 | Moderate | Oct 27, 2020 | blazar-dashboard (pip)
Markdown-supplied Shell Command Execution | CVE-2020-15271 | Critical | Oct 27, 2020 | lookatme (pip)
Receiving subscription objects with deleted session | CVE-2020-15270 | Moderate | Oct 27, 2020 | parse-server (npm)
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls | CVE-2020-15269 | High | Oct 20, 2020 | spree (RubyGems)
HTTP Request Smuggling in Agoo | CVE-2020-7670 | Moderate | Oct 20, 2020 | agoo (RubyGems)
Denial of Service via Cache Flooding | GHSA-p68v-frgx-4rjp | Low | Oct 19, 2020 | shopware/core (Composer)
Authenticated XML External Entity Processing | GHSA-8xv9-qcr9-ww9j | Low | Oct 19, 2020 | shopware/core (Composer)
Prototype pollution affecting the set() method using the includeInheritedProps mode | CVE-2020-15256 | High | Oct 19, 2020 | object-path (npm)
Ability to switch customer email address on account detail page and stay verified | CVE-2020-15245 | Low | Oct 19, 2020 | sylius\sylius (Composer)
Inline attribute values were not processed | CVE-2020-15263 | High | Oct 19, 2020 | orchid/platform (Composer)
Unprotected dynamically loaded chunks | CVE-2020-15262 | Low | Oct 19, 2020 | webpack-subresource-integrity (npm)
Regular Expression Denial of Service in npm-user-validate | GHSA-xgh6-85xh-479p | Low | Oct 16, 2020 | npm-user-validate (npm)
Memory exhaustion in http4s-async-http-client with large or malicious compressed responses | GHSA-8hxh-r6f7-jf45 | Low | Oct 16, 2020 | org.http4s:http4s-async-http-client_2.12 (Maven)
Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint | CVE-2020-26891 | Moderate | Oct 16, 2020 | matrix-synapse (pip)
Users with SCRIPT right can access the application server instance manager and create arbitrary Java objects through $xcontext.request and $context.request binding | CVE-2020-15252 | High | Oct 16, 2020 | org.xwiki.platform:xwiki-platform-oldcore (Maven)