GitHub Advisory Database
3,608 advisories
Filter by severity
Authentication bypass for specific endpoint
CVE-2021-29442
(High severity)
was published Apr 27, 2021
•
com.alibaba.nacos:nacos-common
(Maven)
Authentication Bypass
CVE-2021-29441
(High severity)
was published Apr 27, 2021
•
com.alibaba.nacos:nacos-common
(Maven)
Information Disclosure
CVE-2021-31671
(Moderate severity)
was published Apr 27, 2021
•
pgsync
(RubyGems)
Path Traversal and Improper Input Validation in Apache Commons IO
CVE-2021-29425
(Moderate severity)
was published Apr 26, 2021
•
commons-io:commons-io
(Maven)
Potential exponential regex in monitor mode
CVE-2021-29469
(Low severity)
was published Apr 27, 2021
•
redis
(npm)
Local information disclosure via system temporary directory
CVE-2021-28168
(Moderate severity)
was published Apr 23, 2021
•
org.glassfish.jersey.core:jersey-common
(Maven)
Uncontrolled Resource Consumption in pillow
GHSA-jgpv-4h4c-xhw3
(Moderate severity)
was published Apr 23, 2021
•
pillow
(pip)
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
GHSA-6hgr-2g6q-3rmc
(Moderate severity)
was published Apr 22, 2021
•
com.vaadin:flow-client
(Maven)
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
CVE-2021-31408
(Moderate severity)
was published Apr 22, 2021
•
com.vaadin:vaadin-bom
(Maven)
Authentication bypass in Apache Shiro
CVE-2020-17510
(Critical severity)
was published Apr 22, 2021
•
org.apache.shiro:shiro-spring
(Maven)
Code Injection in oauth2-server
CVE-2017-18924
(High severity)
was published Apr 22, 2021
•
oauth2-server
(npm)
Backport for CVE-2021-21024 Blind SQLi from Magento 2
CVE-2021-21427
(Low severity)
was published Apr 22, 2021
•
openmage/magento-lts
(Composer)
Missing Authentication for Critical Function in Apache Calcite
CVE-2020-13955
(Moderate severity)
was published Apr 22, 2021
•
org.apache.calcite:calcite-core
(Maven)
Fixes a bug in Zend Framework's Stream HTTP Wrapper
CVE-2021-21426
(Low severity)
was published Apr 22, 2021
•
openmage/magento-lts
(Composer)
"Deserialization errors in MyBatis"
CVE-2020-26945
(High severity)
was published Apr 22, 2021
•
org.mybatis:mybatis
(Maven)
.NET Core Remote Code Execution Vulnerability
CVE-2021-26701
(Critical severity)
was published Apr 21, 2021
•
System.Text.Encodings.Web
(NuGet)
.NET Core Information Disclosure
CVE-2018-8292
(High severity)
was published Apr 21, 2021
•
System.Net.Http
(NuGet)
Remote Code Execution and download tracking in Mintegral SDK
CVE-2020-7744
(Moderate severity)
was published Apr 22, 2021
•
com.mintegral.msdk:alphab
(Maven)
Cross-site scripting in Apache CXF
CVE-2020-13954
(Moderate severity)
was published Apr 22, 2021
•
org.apache.cxf:apache-cxf
(Maven)
Cross-site Scripting in GwtUpload
CVE-2020-9447
(Moderate severity)
was published Apr 22, 2021
•
com.googlecode.gwtupload:gwtupload
(Maven)
XSS Cross Site Scripting
CVE-2021-29459
(Critical severity)
was published Apr 22, 2021
•
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Improper Certificate Validation in oauth ruby gem
CVE-2016-11086
(High severity)
was published Apr 22, 2021
•
oauth
(RubyGems)
Cross-Site Request Forgery in Vert.x-Web framework
CVE-2020-35217
(High severity)
was published Apr 22, 2021
•
io.vertx:vertx-web
(Maven)
Observable Differences in Behavior to Error Inputs in Bouncy Castle
CVE-2020-26939
(Moderate severity)
was published Apr 22, 2021
•
org.bouncycastle:bc-fips
(Maven)
Improper Certificate Validation in blackduck
CVE-2020-27589
(High severity)
was published Apr 20, 2021
•
blackduck
(pip)
ProTip!
Advisories are also available from the
GraphQL API