GitHub Advisory Database
1,850 advisories
npm-programmatic is vulnerable to Command Injection
CVE-2020-7614 (High severity) was published Apr 23, 2020 • npm-programmatic (npm)

jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-10969 (Moderate severity) was published Apr 23, 2020 • com.fasterxml.jackson.core:jackson-databind (Maven)

jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-9546 (Moderate severity) was published Apr 23, 2020 • com.fasterxml.jackson.core:jackson-databind (Maven)

jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11620 (Moderate severity) was published Apr 23, 2020 • com.fasterxml.jackson.core:jackson-databind (Maven)

jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-10672 (Moderate severity) was published Apr 23, 2020 • com.fasterxml.jackson.core:jackson-databind (Maven)

XSS in python-markdown2
CVE-2020-11888 (Moderate severity) was published Apr 22, 2020 • markdown2 (pip)

Information disclosure of source code
CVE-2020-5301 (Low severity) was published Apr 22, 2020 • simplesamlphp/simplesamlphp (Composer)

Subject Confirmation Method not Validated
CVE-2020-5268 (Moderate severity) was published Apr 22, 2020 • Sustainsys.Saml2 (NuGet)

Various SQL injection attacks have been mitigated.
CVE-2020-11010 (Moderate severity) was published Apr 20, 2020 • tortoise-orm (pip)

Negative charge in shopping cart
CVE-2020-11007 (Critical severity) was published Apr 22, 2020 • com.shopizer:sm-core-model (Maven)

man-in-the-middle attack in lix
CVE-2020-10800 (Moderate severity) was published Apr 16, 2020 • lix (npm)

Insufficiently random GUIDs in node-uuid
CVE-2015-8851 (Moderate severity) was published Apr 16, 2020 • node-uuid (npm)

XSS in sanitize-html
CVE-2016-1000237 (Moderate severity) was published Apr 16, 2020 • sanitize-html (npm)

CSRF and DNS Rebinding
CVE-2020-11003 (Moderate severity) was published Apr 16, 2020 • @fraction/oasis (npm)

Improper Restriction of Rendered UI Layers or Frames in Keycloak
CVE-2020-1728 (Moderate severity) was published Apr 15, 2020 • org.keycloak:keycloak-core (Maven)

Predictable password in Keycloak
CVE-2020-1731 (High severity) was published Apr 15, 2020 • org.keycloak:keycloak-core (Maven)

XSS in Keycloak
CVE-2020-1697 (Low severity) was published Apr 15, 2020 • org.keycloak:keycloak-core (Maven)

Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
CVE-2019-14820 (Moderate severity) was published Apr 15, 2020 • org.keycloak:keycloak-core (Maven)

XSS injection in the Grid component of Sylius
CVE-2019-12186 (Moderate severity) was published Apr 15, 2020 • sylius/grid (Composer)

Possible XSS attack via page revision comparison view
CVE-2020-11001 (Moderate severity) was published Apr 14, 2020 • wagtail (pip)

Internal NCryptDecrypt method could be used by other libraries as well.
CVE-2020-11005 (Moderate severity) was published Apr 14, 2020 • HaemmerElectronics.SeppPenner.WindowsHello (NuGet)

OS Command Injection in devcert-sanscache
CVE-2019-10778 (High severity) was published Apr 14, 2020 • devcert-sanscache (npm)

Persistent Cross-Site scripting in Nexus Repository Manager
CVE-2020-10203 (Low severity) was published Apr 14, 2020 • org.sonatype.nexus:nexus-core (Maven)

Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager
CVE-2020-10204 (High severity) was published Apr 14, 2020 • org.sonatype.nexus:nexus-core (Maven)

Nexus Repository Manager 3 - Remote Code Execution
CVE-2020-10199 (High severity) was published Apr 14, 2020 • org.sonatype.nexus:nexus-extdirect (Maven)