GitHub Advisory Database
3,083 advisories
Improper Verification of Cryptographic Signature in PySAML2
CVE-2021-21239 (Low severity) was published Jan 21, 2021 • pysaml2 (pip)
SAML XML Signature wrapping in PySAML2
CVE-2021-21238 (Low severity) was published Jan 21, 2021 • pysaml2 (pip)
Blind SQL injection in PrestaShop productcomments module
CVE-2020-26248 (Low severity) was published Jan 20, 2021 • prestashop/productcomments (Composer)
Cross-site Request Forgery in fastify-csrf
CVE-2020-28482 (Moderate severity) was published Jan 20, 2021 • fastify-csrf (npm)
Prototype Pollution in immer
CVE-2020-28477 (High severity) was published Jan 20, 2021 • immer (npm)
Insecure defaults due to CORS misconfiguration in socket.io
CVE-2020-28481 (Moderate severity) was published Jan 20, 2021 • socket.io (npm)
Prototype pollution in gsap
CVE-2020-28478 (High severity) was published Jan 20, 2021 • gsap (npm)
Prototype pollution in JointJS
CVE-2020-28480 (High severity) was published Jan 20, 2021 • jointjs (npm)
Deserialization of untrusted data in jackson-databind
CVE-2021-20190 (High severity) was published Jan 20, 2021 • com.fasterxml.jackson.core:jackson-databind (Maven)
XSS vulnerability in Author URL of themes in Mautic
CVE-2018-11198 (Low severity) was published Jan 19, 2021 • mautic/core (Composer)
XSS vulnerability in theme config file in Mautic
CVE-2018-8071 (Low severity) was published Jan 19, 2021 • mautic/core (Composer)
Disabled users able to log in with third party SSO plugin
CVE-2017-1000489 (Moderate severity) was published Jan 19, 2021 • mautic/core (Composer)
Inline JS XSS vulnerability in Mautic
CVE-2017-1000488 (Moderate severity) was published Jan 19, 2021 • mautic/core (Composer)
Sessions could be hijacked due to tracking contacts by an auto-incremented ID in Mautic
CVE-2018-10189 (Moderate severity) was published Jan 19, 2021 • mautic/core (Composer)
XSS vulnerability in company name field in Mautic
CVE-2018-11200 (Moderate severity) was published Jan 19, 2021 • mautic/core (Composer)
CSV Injection vulnerability with exported contact lists in Mautic
CVE-2018-8092 (Moderate severity) was published Jan 19, 2021 • mautic/core (Composer)
Mautic users able to download any files from server using filemanager
CVE-2017-1000490 (High severity) was published Jan 19, 2021 • mautic/core (Composer)
XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic
CVE-2020-35124 (Critical severity) was published Jan 19, 2021 • mautic/core (Composer)
Query Binding Exploitation
CVE-2021-21263 (High severity) was published Jan 19, 2021 • illuminate/database (Composer)
rails_admin ruby gem XSS vulnerability
CVE-2020-36190 (Moderate severity) was published Jan 14, 2021 • rails_admin (RubyGems)
.dev domains and some reverse proxy setups were treated as local in Kirby
CVE-2020-26253 (Low severity) was published Jan 14, 2021 • getkirby/cms (Composer)
Signature validation bypass in ServiceStack
CVE-2020-28042 (Moderate severity) was published Jan 13, 2021 • ServiceStack (NuGet)
XSS in hello.js
CVE-2020-7741 (Critical severity) was published Jan 13, 2021 • hellojs (npm)
Regular Expression Denial of Service in jquery-validation
CVE-2021-21252 (Moderate severity) was published Jan 13, 2021 • jquery-validation (npm)
Command injection in ts-process-promises
CVE-2020-7784 (Critical severity) was published Jan 13, 2021 • ts-process-promises (npm)