GitHub Advisory Database

2,921 advisories

Sensitive data exposure in NATS
CVE-2020-26149 (High severity) was published Oct 8, 2020 nats (npm)
Command Injection in jison
CVE-2020-8178 (High severity) was published Oct 8, 2020 jison (npm)
XSS vulnerability when listing users on add & modify server pages.
GHSA-5822-pw57-vv37 (Moderate severity) was published Oct 8, 2020 pterodactyl/panel (Composer)
Cross-Site Scripting in ternary conditional operator
CVE-2020-15241 (Moderate severity) was published Oct 8, 2020 typo3fluid/fluid (Composer)
Open Redirect in Next.js versions between 9.5.0 and 9.5.3
CVE-2020-15242 (Moderate severity) was published Oct 8, 2020 next (npm)
Man-in-the-middle attack in Apache Axis
CVE-2012-5784 (Moderate severity) was published Oct 7, 2020 axis:axis (Maven)
Context isolation bypass via prevented window.open
CVE-2020-15215 (Low severity) was published Oct 6, 2020 electron (npm)
Unpreventable top-level navigation
CVE-2020-15174 (High severity) was published Oct 6, 2020 electron (npm)
Possible timing attack in derivation_endpoint
CVE-2020-15237 (Moderate severity) was published Oct 5, 2020 shrine (RubyGems)
Potential access control security issue in apollo-adminservice
CVE-2020-15170 (Low severity) was published Oct 2, 2020 com.ctrip.framework.apollo:apollo-core (Maven)
Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration
GHSA-f366-4rvv-95x2 (Low severity) was published Oct 2, 2020 cryptoauthlib (pip)
Universal XSS in Android WebView
GHSA-36j3-xxf7-4pqg (High severity) was published Oct 2, 2020 react-native-webview (npm)
File restriction bypass in socket.io-file
GHSA-6495-8jvh-f28x (High severity) was published Oct 2, 2020 socket.io-file (npm)
Potential Remote Code Execution vulnerability
CVE-2020-15227 (Low severity) was published Oct 2, 2020 nette/application (Composer)
`add-path` and `set-env` Runner commands are processed via stdout
CVE-2020-15228 (Low severity) was published Oct 1, 2020 @actions/core (npm)
Malicious code in `electorn`
GHSA-38hx-3542-8fh3 (Critical severity) was published Oct 1, 2020 electorn (npm)
Malicious code in `loadyaml`
GHSA-mfc2-93pr-jf92 (Critical severity) was published Oct 1, 2020 loadyaml (npm)
Potential DoS with NumberFilter conversion to integer values.
CVE-2020-15225 (Moderate severity) was published Sep 28, 2020 django-filters (pip)
Out of bounds access in TFLite implementation of segment sum
CVE-2020-15212 (High severity) was published Sep 25, 2020 tensorflow (pip)
Out of bounds write in TFLite implementation of segment sum
CVE-2020-15214 (High severity) was published Sep 25, 2020 tensorflow (pip)
Denial of service from TFLite implementation of segment sum
CVE-2020-15213 (Moderate severity) was published Sep 25, 2020 tensorflow (pip)
Segmentation fault and/or data corruption due to invalid TFLite model
CVE-2020-15210 (Moderate severity) was published Sep 25, 2020 tensorflow (pip)
Out of bounds access in TFLite operators
CVE-2020-15211 (Moderate severity) was published Sep 25, 2020 tensorflow (pip)
Null pointer dereference in TFLite
CVE-2020-15209 (Moderate severity) was published Sep 25, 2020 tensorflow (pip)
ProTip! Advisories are also available from the GraphQL API.