GitHub Advisory Database
1,914 advisories
Potential Cross Site Scripting
CVE-2020-11082 (Moderate severity) was published May 28, 2020 • kaminari (RubyGems)
command injection fix
CVE-2020-11079 (High severity) was published May 28, 2020 • dns-sync (npm)
aegir publish may leak secrets in environment variables
CVE-2020-11059 (Critical severity) was published May 27, 2020 • aegir (npm)
2020-05-26 Insufficient output escaping of attachment names
CVE-2020-13625 (Low severity) was published May 27, 2020 • phpmailer/phpmailer (Composer)
Ability to forge per-form CSRF tokens in Rails
CVE-2020-8166 (Low severity) was published May 26, 2020 • actionpack (RubyGems)
Possible Strong Parameters Bypass in ActionPack
CVE-2020-8164 (Moderate severity) was published May 26, 2020 • actionpack (RubyGems)
Circumvention of file size limits in ActiveStorage
CVE-2020-8162 (Low severity) was published May 26, 2020 • activestorage (RubyGems)
Unintended unmarshalling in ActiveSupport
CVE-2020-8165 (High severity) was published May 26, 2020 • activesupport (RubyGems)
Private key leak in Apache CXF
CVE-2019-12423 (Moderate severity) was published May 22, 2020 • org.apache.cxf:apache-cxf (Maven)
HTTP Smuggling via Transfer-Encoding Header
CVE-2020-11077 (Moderate severity) was published May 22, 2020 • puma (RubyGems)
HTTP Smuggling via Transfer-Encoding Header
CVE-2020-11076 (High severity) was published May 22, 2020 • puma (RubyGems)
Information disclosure issue in Active Resource
CVE-2020-8151 (Moderate severity) was published May 21, 2020 • activeresource (RubyGems)
Apache Camel Netty enables Java deserialization by default
CVE-2020-11973 (High severity) was published May 21, 2020 • org.apache.camel:camel-netty (Maven)
Apache ActiveMQ webconsole admin GUI is open to XSS
CVE-2020-1941 (Moderate severity) was published May 21, 2020 • org.apache.activemq:activemq-web-console (Maven)
XSS in Dolibarr
CVE-2020-13094 (Low severity) was published May 21, 2020 • dolibarr/dolibarr (Composer)
Code execution vulnerability in HtmlUnit
CVE-2020-5529 (Moderate severity) was published May 21, 2020 • net.sourceforge.htmlunit:htmlunit (Maven)
Potential remote code execution in Apache Tomcat
CVE-2020-9484 (Moderate severity) was published May 21, 2020 • org.apache.tomcat.embed:tomcat-embed-core (Maven)
Remote code execution in Apache Commons Configuration
CVE-2020-1953 (High severity) was published May 21, 2020 • org.apache.commons:commons-configuration2 (Maven)
Cross-site Scripting in jQuery
CVE-2020-7656 (Moderate severity) was published May 20, 2020 • jquery (npm)
CWE-93 CRLF injection in httplib2
CVE-2020-11078 (Low severity) was published May 20, 2020 • httplib2 (pip)
Python Image Library (PIL) allows symlink attacks
CVE-2014-1933 (Moderate severity) was published May 18, 2020 • Pillow (pip)
Backend Same-Site Request Forgery
CVE-2020-11069 (High severity) was published May 13, 2020 • typo3/cms-core (Composer)
Insecure Deserialization in Backend User Settings
CVE-2020-11067 (High severity) was published May 13, 2020 • typo3/cms-core (Composer)
Class destructors causing side-effects when being unserialized
CVE-2020-11066 (High severity) was published May 13, 2020 • typo3/cms-core (Composer)
Cross-Site Scripting in Link Handling
CVE-2020-11065 (Moderate severity) was published May 13, 2020 • typo3/cms-core (Composer)