GitHub Advisory Database

3,615 advisories

DOM XSS in Theme Preview
CVE-2021-29484 (Moderate severity) was published Apr 29, 2021 ghost (npm)
paul-gerste-sonarsource
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
CVE-2021-30492 (Critical severity) was published Apr 29, 2021 zendesk/zendesk_api_client_php (Composer)
SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database
GHSA-4mg9-vhxq-vm7j (High severity) was published Apr 29, 2021 illuminate/database (Composer)
Insecure Deserialization of untrusted data in rmccue/requests
CVE-2021-29476 (Critical severity) was published Apr 29, 2021 rmccue/requests (Composer)
xknown whyisjake
Authentication bypass for specific endpoint
CVE-2021-29442 (High severity) was published Apr 27, 2021 com.alibaba.nacos:nacos-common (Maven)
Authentication Bypass
CVE-2021-29441 (High severity) was published Apr 27, 2021 com.alibaba.nacos:nacos-common (Maven)
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
CVE-2021-21429 (Low severity) was published Apr 29, 2021 org.openapitools:openapi-generator-maven-plugin (Maven)
JLLeitschuh
Cross-Site Scripting in Bootstrap Package
CVE-2021-21365 (Moderate severity) was published Apr 29, 2021 bk2k/bootstrap-package (Composer)
ohader
Information Disclosure
CVE-2021-31671 (Moderate severity) was published Apr 27, 2021 pgsync (RubyGems)
Path Traversal and Improper Input Validation in Apache Commons IO
CVE-2021-29425 (Moderate severity) was published Apr 26, 2021 commons-io:commons-io (Maven)
Potential exponential regex in monitor mode
CVE-2021-29469 (Low severity) was published Apr 27, 2021 redis (npm)
erik-krogh
Local information disclosure via system temporary directory
CVE-2021-28168 (Moderate severity) was published Apr 23, 2021 org.glassfish.jersey.core:jersey-common (Maven)
JLLeitschuh
Uncontrolled Resource Consumption in pillow
GHSA-jgpv-4h4c-xhw3 (Moderate severity) was published Apr 23, 2021 pillow (pip)
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
GHSA-6hgr-2g6q-3rmc (Moderate severity) was published Apr 22, 2021 com.vaadin:flow-client (Maven)
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
CVE-2021-31408 (Moderate severity) was published Apr 22, 2021 com.vaadin:vaadin-bom (Maven)
Authentication bypass in Apache Shiro
CVE-2020-17510 (Critical severity) was published Apr 22, 2021 org.apache.shiro:shiro-spring (Maven)
Code Injection in oauth2-server
CVE-2017-18924 (High severity) was published Apr 22, 2021 oauth2-server (npm)
Backport for CVE-2021-21024 Blind SQLi from Magento 2
CVE-2021-21427 (Low severity) was published Apr 22, 2021 openmage/magento-lts (Composer)
Missing Authentication for Critical Function in Apache Calcite
CVE-2020-13955 (Moderate severity) was published Apr 22, 2021 org.apache.calcite:calcite-core (Maven)
Fixes a bug in Zend Framework's Stream HTTP Wrapper
CVE-2021-21426 (Low severity) was published Apr 22, 2021 openmage/magento-lts (Composer)
"Deserialization errors in MyBatis"
CVE-2020-26945 (High severity) was published Apr 22, 2021 org.mybatis:mybatis (Maven)
.NET Core Remote Code Execution Vulnerability
CVE-2021-26701 (Critical severity) was published Apr 21, 2021 System.Text.Encodings.Web (NuGet)
.NET Core Information Disclosure
CVE-2018-8292 (High severity) was published Apr 21, 2021 System.Net.Http (NuGet)
Remote Code Execution and download tracking in Mintegral SDK
CVE-2020-7744 (Moderate severity) was published Apr 22, 2021 com.mintegral.msdk:alphab (Maven)