Skip to content

GitHub Advisory Database

3,004 advisories

Cross-Site Scripting bypass in html-purify
GHSA-5p28-63mc-cgr9 (High severity) was published Dec 4, 2020 html-purify (npm)
ReDOS vulnerabities: multiple grammars
GHSA-7wwv-vh3v-89cq (Moderate severity) was published Dec 4, 2020 @highlightjs/cdn-assets (npm)
Multiple cryptographic issues in Python oic
CVE-2020-26244 (Moderate severity) was published Dec 4, 2020 oic (pip)
Inappropriate implementation in V8
CVE-2020-16009 (High severity) was published Dec 2, 2020 CefSharp.Common (NuGet)
XXE in petl
GHSA-f5gc-p5m3-v347 (Low severity) was published Dec 2, 2020 petl (pip)
Buffer not correctly recycled in Gzip Request inflation
CVE-2020-27218 (Moderate severity) was published Dec 2, 2020 org.eclipse.jetty:jetty-server (Maven)
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
GHSA-47qg-q58v-7vrp (Low severity) was published Dec 2, 2020 amundsen-frontend (pip)
Base class whitelist configuration ignored in OAuthenticator
CVE-2020-26250 (High severity) was published Dec 1, 2020 oauthenticator (pip)
Inappropriate implementation in V8 in CefSharp
CVE-2020-16013 (High severity) was published Nov 27, 2020 CefSharp.Common (NuGet)
Use after free in CefSharp
CVE-2020-16017 (High severity) was published Nov 27, 2020 CefSharp.Common (NuGet)
Prototype Pollution in systeminformation
CVE-2020-26245 (Moderate severity) was published Nov 27, 2020 systeminformation (npm)
Memory leak in Nanopb
CVE-2020-26243 (Moderate severity) was published Nov 25, 2020 nanopb (pip)
Template injection in cron-utils
CVE-2020-26238 (Critical severity) was published Nov 24, 2020 com.cronutils:cron-utils (Maven)
Prototype Pollution in highlight.js
CVE-2020-26237 (Low severity) was published Nov 24, 2020 highlight.js (npm)
Denial of service attack due to invalid JSON
CVE-2020-26890 (High severity) was published Nov 24, 2020 matrix-synapse (pip)
datasette-graphql leaks details of the schema of private database files
GHSA-74hv-qjjq-h7g5 (Low severity) was published Nov 24, 2020 datasette-graphql (pip)
Implementation trusts the "me" field returned by the authorization server without verifying it
GHSA-mjcr-rqjg-rhg3 (Critical severity) was published Nov 24, 2020 datasette-indieauth (pip)
Open redirect in Jupyter Server
CVE-2020-26232 (Moderate severity) was published Nov 24, 2020 jupyter-server (pip)
XML External Entity in Dashboard Widget
CVE-2020-26229 (Low severity) was published Nov 23, 2020 typo3/cms-core (Composer)
Cleartext storage of session identifier
CVE-2020-26228 (High severity) was published Nov 23, 2020 typo3/cms-core (Composer)
Bypass of fix for CVE-2020-15247, Twig sandbox escape
CVE-2020-26231 (Low severity) was published Nov 23, 2020 october/cms (Composer)
Stored XSS by authenticated backend user with access to upload files
CVE-2020-15249 (Low severity) was published Nov 23, 2020 october/backend (Composer)
Privilege escalation by backend users assigned to the default "Publisher" system role
CVE-2020-15248 (Low severity) was published Nov 23, 2020 october/backend (Composer)
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
CVE-2020-15247 (Low severity) was published Nov 23, 2020 october/cms (Composer)
Local File Inclusion by unauthenticated users
CVE-2020-15246 (Low severity) was published Nov 23, 2020 october/cms (Composer)
ProTip! Advisories are also available from the GraphQL API.
You can’t perform that action at this time.