GitHub Advisory Database

3,637 advisories

Arbitrary code execution in ExifTool
GHSA-4whq-r978-2x68 (High severity) was published May 4, 2021 exiftool-vendored (npm)
boardhead wbowling
Bypass of fix for CVE-2020-26231, Twig sandbox escape
CVE-2021-21264 (Low severity) was published May 4, 2021 october/cms (Composer)
Object injection in PHPMailer/PHPMailer
CVE-2020-36326 (High severity) was published May 4, 2021 PHPMailer/PHPMailer (Composer)
Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8
CVE-2021-31409 (High severity) was published May 4, 2021 com.vaadin:vaadin-compatibility-server (Maven)
Improper Input Validation and Loop with Unreachable Exit Condition ('Infinite Loop') in cumulative-distribution-function
CVE-2021-29486 (High severity) was published May 4, 2021 cumulative-distribution-function (npm)
Logic error in Legion of the Bouncy Castle BC Java
CVE-2020-28052 (Critical severity) was published Apr 30, 2021 org.bouncycastle:bcprov-ext-jdk15on (Maven)
DOM XSS in Theme Preview
CVE-2021-29484 (Moderate severity) was published Apr 29, 2021 ghost (npm)
paul-gerste-sonarsource
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
CVE-2021-30492 (Critical severity) was published Apr 29, 2021 zendesk/zendesk_api_client_php (Composer)
SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database
GHSA-4mg9-vhxq-vm7j (High severity) was published Apr 29, 2021 illuminate/database (Composer)
Cross-Site Scripting
CVE-2021-26722 (Moderate severity) was published Apr 30, 2021 oncall (pip)
HTTP Request Smuggling in Undertow
CVE-2020-10719 (Moderate severity) was published Apr 30, 2021 io.thorntail:undertow (Maven)
Improper Restriction of Operations within the Bounds of a Memory Buffer in Undertow
CVE-2020-10705 (Moderate severity) was published Apr 30, 2021 io.thorntail:undertow (Maven)
HTTP Request Smuggling in Undertow
CVE-2020-10687 (Moderate severity) was published Apr 30, 2021 io.thorntail:undertow (Maven)
Cross-site Scripting in gon
CVE-2020-25739 (Moderate severity) was published Apr 30, 2021 gon (RubyGems)
Improper Authentication in Apache Hadoop
CVE-2018-11765 (High severity) was published Apr 30, 2021 org.apache.hadoop:hadoop-main (Maven)
Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix
CVE-2020-5412 (Moderate severity) was published Apr 30, 2021 org.springframework.cloud:spring-cloud-netflix (Maven)
Improper Input Validation in Spring Framework
CVE-2020-5421 (High severity) was published Apr 30, 2021 org.springframework:spring-framework-bom (Maven)
Insecure Deserialization of untrusted data in rmccue/requests
CVE-2021-29476 (Critical severity) was published Apr 29, 2021 rmccue/requests (Composer)
xknown whyisjake
Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby
CVE-2021-29460 (High severity) was published Apr 30, 2021 getkirby/cms (Composer)
sreenathr10
Authentication bypass for specific endpoint
CVE-2021-29442 (High severity) was published Apr 27, 2021 com.alibaba.nacos:nacos-common (Maven)
Authentication Bypass
CVE-2021-29441 (High severity) was published Apr 27, 2021 com.alibaba.nacos:nacos-common (Maven)
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
CVE-2021-21429 (Low severity) was published Apr 29, 2021 org.openapitools:openapi-generator-maven-plugin (Maven)
JLLeitschuh
Cross-Site Scripting in Bootstrap Package
CVE-2021-21365 (Moderate severity) was published Apr 29, 2021 bk2k/bootstrap-package (Composer)
ohader
Information Disclosure
CVE-2021-31671 (Moderate severity) was published Apr 27, 2021 pgsync (RubyGems)