GitHub Advisory Database

2,082 advisories

Unintended read access in kramdown gem
CVE-2020-14001 (High severity) was published Aug 7, 2020 kramdown (RubyGems)
XSS vulnerability in the Previewers plugin
CVE-2020-15138 (High severity) was published Aug 7, 2020 prismjs (npm)
XSS via JQLite DOM manipulation functions in AngularJS
GHSA-5cp4-xmrw-59wf (Moderate severity) was published Aug 5, 2020 angular (npm)
CSRF Vulnerability
GHSA-whrh-9j4q-g7ph (Moderate severity) was published Aug 5, 2020 polaris-website (npm)
Reset Password / Login vulnerability
CVE-2020-15132 (Moderate severity) was published Aug 5, 2020 sulu/sulu (Composer)
CSRF on PgHero gem
CVE-2020-16253 (Moderate severity) was published Aug 5, 2020 pghero (RubyGems)
CSRF in Field Test
CVE-2020-16252 (Moderate severity) was published Aug 5, 2020 field_test (RubyGems)
[CVE-2020-15109] Ability to change order address without triggering address validations
CVE-2020-15109 (Moderate severity) was published Aug 4, 2020 solidus_api (RubyGems)
CSRF vulnerability
CVE-2020-15135 (Moderate severity) was published Aug 4, 2020 save-server (npm)
Denial of service in fastify
CVE-2020-8192 (Moderate severity) was published Aug 5, 2020 fastify (npm)
Prototype Pollution in express-fileupload
CVE-2020-7699 (High severity) was published Aug 5, 2020 express-fileupload (npm)
Code execution in Spring Integration
CVE-2020-5413 (High severity) was published Aug 5, 2020 org.springframework.integration:spring-integration-core (Maven)
Operation on a Resource after Expiration or Release in Jetty Server
CVE-2019-17638 (High severity) was published Aug 5, 2020 org.eclipse.jetty:jetty-server (Maven)
Encrypted cookie values are not tied to the cookie name
CVE-2020-15128 (Moderate severity) was published Aug 5, 2020 october/rain (Composer)
Missing TLS certificate verification
CVE-2020-15133 (High severity) was published Jul 31, 2020 faye-websocket (RubyGems)
Missing TLS certificate verification
CVE-2020-15134 (High severity) was published Jul 31, 2020 faye (RubyGems)
Potential XSS vulnerability in Kitodo.Presentation
CVE-2020-16095 (Moderate severity) was published Jul 31, 2020 kitodo/presentation (Composer)
False-positive validity for NFT1 genesis transactions
CVE-2020-15131 (Critical severity) was published Jul 30, 2020 slp-validate (npm)
False-positive validity for NFT1 genesis transactions
CVE-2020-15130 (Critical severity) was published Jul 30, 2020 slpjs (npm)
Prototype Pollution in dot-prop
CVE-2020-8116 (High severity) was published Jul 29, 2020 dot-prop (npm)
Signature Malleability in elliptic
CVE-2020-13822 (High severity) was published Jul 29, 2020 elliptic (npm)
Server side template injection in Apache Camel
CVE-2020-11994 (Moderate severity) was published Jul 29, 2020 org.apache.camel:camel-robotframework (Maven)
Remote code execution in turn extension for TYPO3
CVE-2020-15515 (Moderate severity) was published Jul 29, 2020 marcwillmann/turn (Composer)
Incorrect access control in typo3_forum
CVE-2020-15513 (Moderate severity) was published Jul 29, 2020 mittwald/typo3_forum (Composer)
Directory traversal in rollup-plugin-server
CVE-2020-7686 (Moderate severity) was published Jul 29, 2020 rollup-plugin-server (npm)