GitHub Advisory Database
3,004 advisories
Cross-Site Scripting bypass in html-purify (GHSA-5p28-63mc-cgr9, High severity, published Dec 4, 2020): html-purify (npm)
ReDOS vulnerabilities: multiple grammars (GHSA-7wwv-vh3v-89cq, Moderate severity, published Dec 4, 2020): @highlightjs/cdn-assets (npm)
Multiple cryptographic issues in Python oic (CVE-2020-26244, Moderate severity, published Dec 4, 2020): oic (pip)
Inappropriate implementation in V8 (CVE-2020-16009, High severity, published Dec 2, 2020): CefSharp.Common (NuGet)
XXE in petl (GHSA-f5gc-p5m3-v347, Low severity, published Dec 2, 2020): petl (pip)
Buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218, Moderate severity, published Dec 2, 2020): org.eclipse.jetty:jetty-server (Maven)
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend (GHSA-47qg-q58v-7vrp, Low severity, published Dec 2, 2020): amundsen-frontend (pip)
Base class whitelist configuration ignored in OAuthenticator (CVE-2020-26250, High severity, published Dec 1, 2020): oauthenticator (pip)
Inappropriate implementation in V8 in CefSharp (CVE-2020-16013, High severity, published Nov 27, 2020): CefSharp.Common (NuGet)
Use after free in CefSharp (CVE-2020-16017, High severity, published Nov 27, 2020): CefSharp.Common (NuGet)
Prototype Pollution in systeminformation (CVE-2020-26245, Moderate severity, published Nov 27, 2020): systeminformation (npm)
Memory leak in Nanopb (CVE-2020-26243, Moderate severity, published Nov 25, 2020): nanopb (pip)
Template injection in cron-utils (CVE-2020-26238, Critical severity, published Nov 24, 2020): com.cronutils:cron-utils (Maven)
Prototype Pollution in highlight.js (CVE-2020-26237, Low severity, published Nov 24, 2020): highlight.js (npm)
Denial of service attack due to invalid JSON (CVE-2020-26890, High severity, published Nov 24, 2020): matrix-synapse (pip)
datasette-graphql leaks details of the schema of private database files (GHSA-74hv-qjjq-h7g5, Low severity, published Nov 24, 2020): datasette-graphql (pip)
Implementation trusts the "me" field returned by the authorization server without verifying it (GHSA-mjcr-rqjg-rhg3, Critical severity, published Nov 24, 2020): datasette-indieauth (pip)
Open redirect in Jupyter Server (CVE-2020-26232, Moderate severity, published Nov 24, 2020): jupyter-server (pip)
XML External Entity in Dashboard Widget (CVE-2020-26229, Low severity, published Nov 23, 2020): typo3/cms-core (Composer)
Cleartext storage of session identifier (CVE-2020-26228, High severity, published Nov 23, 2020): typo3/cms-core (Composer)
Bypass of fix for CVE-2020-15247, Twig sandbox escape (CVE-2020-26231, Low severity, published Nov 23, 2020): october/cms (Composer)
Stored XSS by authenticated backend user with access to upload files (CVE-2020-15249, Low severity, published Nov 23, 2020): october/backend (Composer)
Privilege escalation by backend users assigned to the default "Publisher" system role (CVE-2020-15248, Low severity, published Nov 23, 2020): october/backend (Composer)
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled (CVE-2020-15247, Low severity, published Nov 23, 2020): october/cms (Composer)
Local File Inclusion by unauthenticated users (CVE-2020-15246, Low severity, published Nov 23, 2020): october/cms (Composer)