GitHub Advisory Database

3,045 advisories

Hostname spoofing via backslashes in URL
CVE-2020-26291 (Low severity) was published Dec 30, 2020 urijs (npm)
XSS in Vega
CVE-2020-26296 (Low severity) was published Dec 30, 2020 vega (npm)
XXE in Nokogiri
CVE-2020-26247 (Low severity) was published Dec 30, 2020 nokogiri (RubyGems)
Parse Server stores password in plain text
CVE-2020-26288 (Low severity) was published Dec 28, 2020 parse-server (npm)
Server-Side Template Injection
CVE-2020-26282 (High severity) was published Dec 24, 2020 com.browserup:browserup-proxy (Maven)
Regular expression denial of service (ReDoS)
CVE-2020-26289 (High severity) was published Dec 24, 2020 date-and-time (npm)
Open redirect vulnerability
CVE-2020-26275 (Low severity) was published Dec 21, 2020 jupyter-server (pip)
Authenticated Server Side Request Forgery
GHSA-8pfh-mm2g-hmc3 (Low severity) was published Dec 21, 2020 shopware/core (Composer)
Information exposure via query strings in URL
GHSA-cq6h-w3mc-57f4 (Low severity) was published Dec 21, 2020 shopware/core (Composer)
Authenticated Privilege Escalation
GHSA-5q58-x5h2-v5rx (Low severity) was published Dec 21, 2020 shopware/core (Composer)
RSA weakness in tlslite-ng
CVE-2020-26263 (Low severity) was published Dec 21, 2020 tlslite-ng (pip)
A Server-Side Request Forgery can be activated when unmarshalling with XStream
CVE-2020-26258 (Low severity) was published Dec 21, 2020 com.thoughtworks.xstream:xstream (Maven)
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling
CVE-2020-26259 (Low severity) was published Dec 21, 2020 com.thoughtworks.xstream:xstream (Maven)
Cross-Site Scripting in Fluid view helpers
CVE-2020-26227 (Moderate severity) was published Dec 21, 2020 typo3/cms-core (Composer)
Cross-site Scripting in dompurify
CVE-2020-26870 (Moderate severity) was published Dec 18, 2020 dompurify (npm)
Path Traversal in MPXJ
CVE-2020-35460 (Moderate severity) was published Dec 18, 2020 net.sf.mpxj:mpxj (Maven)
OS Command Injection in node-notifier
CVE-2020-7789 (Moderate severity) was published Dec 21, 2020 node-notifier (npm)
Code Injection in mquery
CVE-2020-35149 (Moderate severity) was published Dec 18, 2020 mquery (npm)
Command Injection in corenlp-js-interface
CVE-2020-28440 (Critical severity) was published Dec 18, 2020 corenlp-js-interface (npm)
SSRF vulnerability in Apache Airflow
CVE-2020-17513 (Moderate severity) was published Dec 17, 2020 apache-airflow (pip)
Plain text storage of passwords in Apache Airflow
CVE-2020-17511 (Moderate severity) was published Dec 17, 2020 apache-airflow (pip)
Command injection in connection-tester
CVE-2020-7781 (Critical severity) was published Dec 17, 2020 connection-tester (npm)
Prototype pollution in datatables.net
CVE-2020-28458 (High severity) was published Dec 17, 2020 datatables.net (npm)
Command Injection Vulnerability in systeminformation
CVE-2020-26274 (Moderate severity) was published Dec 16, 2020 systeminformation (npm)
Denial of Service in ecstatic
CVE-2019-10775 (Moderate severity) was published Dec 15, 2020 ecstatic (npm)
ProTip! Advisories are also available from the GraphQL API.