GitHub Advisory Database
2,101 advisories
Remote Code Execution in Streams module: CVE-2020-15147 (High severity) was published Aug 21, 2020 • Red-DiscordBot (pip)
Remote Code Execution in Trivia module: CVE-2020-15140 (High severity) was published Aug 21, 2020 • Red-DiscordBot (pip)
Incorrect threshold signature computation: CVE-2020-6174 (High severity) was published Aug 21, 2020 • tuf (pip)
Potential client DoS for attacker that can create metadata files on the repository: CVE-2020-6173 (Low severity) was published Aug 21, 2020 • tuf (pip)
Inadequate Encryption Strength in bcrypt: CVE-2020-7689 (Moderate severity) was published Aug 20, 2020 • bcrypt (npm)
DOM-based XSS in Lock: CVE-2020-15119 (Low severity) was published Aug 19, 2020 • auth0-lock (npm)
Remote Code Execution in ParametersParser while using request parameters inside expression language: CVE-2020-15143 (High severity) was published Aug 19, 2020 • sylius/resource-bundle (Composer)
Remote Code Execution in OptionsParser while using request parameters inside expression language: CVE-2020-15146 (Critical severity) was published Aug 19, 2020 • sylius/resource-bundle (Composer)
Observable Timing Discrepancy: CVE-2020-15151 (High severity) was published Aug 19, 2020 • openmage/magento-lts (Composer)
CSRF in Play Framework: CVE-2020-12480 (Low severity) was published Aug 18, 2020 • com.typesafe.play:play_2.12 (Maven)
Server-Side Request Forgery: CVE-2020-15152 (Critical severity) was published Aug 17, 2020 • ftp-srv (npm)
Data Injection Vulnerability in moped Rubygem: CVE-2015-4410 (Moderate severity) was published Aug 19, 2020 • moped (RubyGems)
Arbitrary Code Generation: CVE-2020-15142 (High severity) was published Aug 20, 2020 • openapi-python-client (pip)
Path Traversal Vulnerability: CVE-2020-15141 (Low severity) was published Aug 20, 2020 • openapi-python-client (pip)
Server-Side Request Forgery in @uppy/companion: CVE-2020-8205 (Moderate severity) was published Aug 13, 2020 • @uppy/companion (npm)
Cross-Site Scripting in @progress/kendo-angular-editor: GHSA-j7wp-vjj6-cp5m (High severity) was published Aug 11, 2020 • @progress/kendo-angular-editor (npm)
CSS Injection in Chartkick gem: CVE-2020-16254 (Moderate severity) was published Aug 12, 2020 • chartkick (RubyGems)
Insecure serialization leading to RCE in serialize-javascript: CVE-2020-7660 (High severity) was published Aug 11, 2020 • serialize-javascript (npm)
Cross-site scripting vulnerability in TinyMCE: GHSA-vrv8-v4w8-f95h (Moderate severity) was published Aug 11, 2020 • tinymce (npm)
CSRF tokens leaked in URL by canned query form: GHSA-q6j3-c4wc-63vw (Low severity) was published Aug 11, 2020 • datasette (pip)
Unintended read access in kramdown gem: CVE-2020-14001 (High severity) was published Aug 7, 2020 • kramdown (RubyGems)
XSS vulnerability in the Previewers plugin: CVE-2020-15138 (High severity) was published Aug 7, 2020 • prismjs (npm)
XSS via JQLite DOM manipulation functions in AngularJS: GHSA-5cp4-xmrw-59wf (Moderate severity) was published Aug 5, 2020 • angular (npm)
CSRF Vulnerability: GHSA-whrh-9j4q-g7ph (Moderate severity) was published Aug 5, 2020 • polaris-website (npm)
Reset Password / Login vulnerability: CVE-2020-15132 (Moderate severity) was published Aug 5, 2020 • sulu/sulu (Composer)
ProTip! Advisories are also available from the GraphQL API.