GitHub Advisory Database

1,975 advisories

HTML sanitization bypass in Sanitize
CVE-2020-4054 (High severity) was published Jun 16, 2020 sanitize (RubyGems)
XSS in dijit/editor
CVE-2020-4051 (Low severity) was published Jun 15, 2020 dijit (npm)
Denial of Service in Tomcat
CVE-2019-0199 (Moderate severity) was published Jun 15, 2020 org.apache.tomcat.embed:tomcat-embed-core (Maven)
Improper Input Validation in Tomcat
CVE-2020-1938 (High severity) was published Jun 15, 2020 org.apache.tomcat.embed:tomcat-embed-core (Maven)
Denial of service in Apache Xerces2
CVE-2009-2625 (Moderate severity) was published Jun 15, 2020 xerces:xercesImpl (Maven)
Denial of service in Apache Xerces2
CVE-2012-0881 (Low severity) was published Jun 15, 2020 xerces:xercesImpl (Maven)
Improper Input Validation in jackson-databind
CVE-2019-17267 (Critical severity) was published Jun 15, 2020 com.fasterxml.jackson.core:jackson-databind (Maven)
Deserialization of Untrusted Data
CVE-2018-12023 (High severity) was published Jun 15, 2020 com.fasterxml.jackson.core:jackson-databind (Maven)
Deserialization of Untrusted Data in jackson-databind
CVE-2018-12022 (High severity) was published Jun 15, 2020 com.fasterxml.jackson.core:jackson-databind (Maven) • withdrawn
SSB-DB#get() is decrypting messages by default
CVE-2020-4045 (High severity) was published Jun 11, 2020 ssb-db (npm)
Insufficient Entropy in Spring Security
CVE-2020-5408 (Moderate severity) was published Jun 15, 2020 org.springframework.security:spring-security-core (Maven)
Denial of Service in Spring Framework
CVE-2018-15756 (High severity) was published Jun 15, 2020 org.springframework:spring-core (Maven)
Denial of Service in Netty
CVE-2020-11612 (High severity) was published Jun 15, 2020 io.netty:netty-handler (Maven)
Privilege Escalation in Hibernate Validator
CVE-2017-7536 (High severity) was published Jun 15, 2020 org.hibernate:hibernate-validator (Maven)
Denial of Service in Google Guava
CVE-2018-10237 (Moderate severity) was published Jun 15, 2020 com.google.guava:guava (Maven)
Insecure Deserialization in Apache Commons Collection
CVE-2015-6420 (High severity) was published Jun 15, 2020 commons-collections:commons-collections (Maven)
Insecure Deserialization in Apache Commons Beanutils
CVE-2019-10086 (High severity) was published Jun 15, 2020 commons-beanutils:commons-beanutils (Maven)
Malformed TAA in a transaction causes view change
CVE-2020-11090 (High severity) was published Jun 11, 2020 indy-node (pip)
Arbitrary code execution in Apache Commons BeanUtils
CVE-2014-0114 (High severity) was published Jun 10, 2020 commons-beanutils:commons-beanutils (Maven)
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11112 (Moderate severity) was published Jun 10, 2020 com.fasterxml.jackson.core:jackson-databind (Maven)
Information disclosure in JBoss Weld
CVE-2014-8122 (Moderate severity) was published Jun 10, 2020 org.jboss.weld:weld-core-bom (Maven)
Command injection in umount
CVE-2020-7628 (High severity) was published Jun 10, 2020 umount (npm)
Prototype pollution in ini-parser
CVE-2020-7617 (High severity) was published Jun 10, 2020 ini-parser (npm)
Phar unserialization vulnerability
CVE-2020-4043 (High severity) was published Jun 10, 2020 phpmussel/phpmussel (Composer)
SQL Injection in Geocoder
CVE-2020-7981 (High severity) was published Jun 10, 2020 geocoder (RubyGems)