GitHub Advisory Database

2,973 advisories

Persistent XSS in shopping worlds
GHSA-28fw-88hq-6jmm (Low severity) was published Nov 13, 2020 shopware/shopware (Composer)
Persistent XSS in newsletter module in Shopware
GHSA-hrfh-fp4x-crrq (Low severity) was published Nov 13, 2020 shopware/shopware (Composer)
Vulnerability in RPKI manifest validation
GHSA-q76j-58cx-wp5v (High severity) was published Nov 13, 2020 net.ripe.rpki:rpki-validator-3 (Maven)
Authorization bypass in Spree
CVE-2020-26223 (High severity) was published Nov 13, 2020 spree_api (RubyGems)
Float cast overflow undefined behavior
CVE-2020-15266 (Low severity) was published Nov 13, 2020 tensorflow (pip)
Segfault in `tf.quantization.quantize_and_dequantize`
CVE-2020-15265 (Low severity) was published Nov 13, 2020 tensorflow (pip)
Remote code execution in dependabot-core branch names when cloning
CVE-2020-26222 (Low severity) was published Nov 13, 2020 dependabot-common (RubyGems)
Persistent XSS in customer module in Shopware
GHSA-6gv9-7q4g-pmvm (Low severity) was published Nov 13, 2020 shopware/shopware (Composer)
Prototype Pollution in json-logic-js
GHSA-m9hw-7xfv-wqg7 (High severity) was published Nov 12, 2020 json-logic-js (npm)
Exploitable inventory component chaining in PocketMine-MP
GHSA-8jq6-w5cg-wm45 (High severity) was published Nov 11, 2020 pocketmine/pocketmine-mp (Composer)
remote code execution via cache action in MoinMoin
CVE-2020-25074 (Critical severity) was published Nov 11, 2020 moin (pip)
malicious SVG attachment causing stored XSS vulnerability
CVE-2020-15275 (Low severity) was published Nov 11, 2020 moin (pip)
Web Cache Poisoning in find-my-way
CVE-2020-7764 (Moderate severity) was published Nov 9, 2020 find-my-way (npm)
Cross-Site Scripting in scratch-svg-renderer
CVE-2020-7750 (High severity) was published Nov 9, 2020 scratch-svg-renderer (npm)
Arbitrary File Read in phantom-html-to-pdf
CVE-2020-7763 (High severity) was published Nov 6, 2020 phantom-html-to-pdf (npm)
LDAP authentication bypass with empty password
CVE-2020-26214 (High severity) was published Nov 6, 2020 alerta-server (pip)
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
CVE-2020-15273 (Low severity) was published Nov 4, 2020 baserproject/basercms (Composer)
Remote Code Execution in Apache Synapse
CVE-2017-15708 (Critical severity) was published Nov 4, 2020 org.apache.synapse:synapse-core (Maven)
Local Temp Directory Hijacking Vulnerability
CVE-2020-27216 (High severity) was published Nov 4, 2020 org.eclipse.jetty:jetty-webapp (Maven)
Regression in JWT Signature Validation
CVE-2020-15240 (High severity) was published Nov 3, 2020 omniauth-auth0 (RubyGems)
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
CVE-2020-15276 (Low severity) was published Oct 30, 2020 baserproject/basercms (Composer)
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
CVE-2020-15277 (High severity) was published Oct 30, 2020 baserproject/basercms (Composer)
RCE via PHP Object injection via SOAP Requests
CVE-2020-15244 (High severity) was published Oct 30, 2020 openmage/magento-lts (Composer)
Cross-site Scripting in Strapi
CVE-2020-27666 (High severity) was published Oct 29, 2020 strapi-plugin-content-manager (npm)
Improper Authorization in Strapi
CVE-2020-27665 (Moderate severity) was published Oct 29, 2020 strapi-plugin-content-type-builder (npm)