GitHub Advisory Database
2,935 advisories
Advisory | ID | Severity | Published | Package (ecosystem)
Denial of Service via Cache Flooding | GHSA-p68v-frgx-4rjp | Low | Oct 19, 2020 | shopware/core (Composer)
Authenticated XML External Entity Processing | GHSA-8xv9-qcr9-ww9j | Low | Oct 19, 2020 | shopware/core (Composer)
Prototype pollution affecting the set() method using the includeInheritedProps mode | CVE-2020-15256 | High | Oct 19, 2020 | object-path (npm)
Ability to switch customer email address on account detail page and stay verified | CVE-2020-15245 | Low | Oct 19, 2020 | sylius\sylius (Composer)
Inline attribute values were not processed. | CVE-2020-15263 | High | Oct 19, 2020 | orchid/platform (Composer)
Unprotected dynamically loaded chunks | CVE-2020-15262 | Low | Oct 19, 2020 | webpack-subresource-integrity (npm)
Regular Expression Denial of Service in npm-user-validate | GHSA-xgh6-85xh-479p | Low | Oct 16, 2020 | npm-user-validate (npm)
Memory exhaustion in http4s-async-http-client with large or malicious compressed responses | GHSA-8hxh-r6f7-jf45 | Low | Oct 16, 2020 | org.http4s:http4s-async-http-client_2.12 (Maven)
Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint | CVE-2020-26891 | Moderate | Oct 16, 2020 | matrix-synapse (pip)
Users with SCRIPT right can access the application server instance manager and create arbitrary Java objects through $xcontext.request and $context.request binding | CVE-2020-15252 | High | Oct 16, 2020 | org.xwiki.platform:xwiki-platform-oldcore (Maven)
Ciphertext Malleability Issue in Tink Java | CVE-2020-8929 | Low | Oct 16, 2020 | com.google.crypto.tink:tink (Maven)
Privilege Escalation issue in makemodechange self action logic | CVE-2020-15251 | Critical | Oct 13, 2020 | sopel_plugins.channelmgnt (pip)
TemporaryFolder on unix-like systems does not limit access to created files | CVE-2020-15250 | Low | Oct 12, 2020 | junit:junit (Maven)
Sensitive data exposure in NATS | CVE-2020-26149 | High | Oct 8, 2020 | nats (npm)
Command Injection in jison | CVE-2020-8178 | High | Oct 8, 2020 | jison (npm), advisory withdrawn
XSS vulnerability when listing users on add & modify server pages. | GHSA-5822-pw57-vv37 | Moderate | Oct 8, 2020 | pterodactyl/panel (Composer)
Cross-Site Scripting in ternary conditional operator | CVE-2020-15241 | Moderate | Oct 8, 2020 | typo3fluid/fluid (Composer)
Open Redirect in Next.js versions between 9.5.0 and 9.5.3 | CVE-2020-15242 | Moderate | Oct 8, 2020 | next (npm)
Man-in-the-middle attack in Apache Axis | CVE-2012-5784 | Moderate | Oct 7, 2020 | axis:axis (Maven)
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request | CVE-2020-15239 | Low | Oct 6, 2020 | xmpp-http-upload (pip)
Context isolation bypass via prevented window.open | CVE-2020-15215 | Low | Oct 6, 2020 | electron (npm)
Unpreventable top-level navigation | CVE-2020-15174 | High | Oct 6, 2020 | electron (npm)
Possible timing attack in derivation_endpoint | CVE-2020-15237 | Moderate | Oct 5, 2020 | shrine (RubyGems)
XSS in Joplin | CVE-2020-9038 | Moderate | Oct 13, 2020 | joplin (npm)
Potential access control security issue in apollo-adminservice | CVE-2020-15170 | Low | Oct 2, 2020 | com.ctrip.framework.apollo:apollo-core (Maven)