
GitHub Advisory Database

3,814 advisories

Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic
CVE-2021-29510 (Low severity) was published May 13, 2021 pydantic (pip)
nina-j bluetech
Prevent user enumeration using Guard or the new Authenticator-based Security
CVE-2021-21424 (Moderate severity) was published May 13, 2021 symfony/security (Composer)
mbrodala chalasr
Denial of service attack via push rule patterns in matrix-synapse
CVE-2021-29471 (Low severity) was published May 13, 2021 matrix-synapse (pip)
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
CVE-2021-21430 (Moderate severity) was published May 11, 2021 org.openapitools:openapi-generator (Maven)
JLLeitschuh
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
CVE-2021-21428 (High severity) was published May 11, 2021 org.openapitools:openapi-generator-online (Maven)
JLLeitschuh
Command injection in get-git-data
CVE-2020-7619 (High severity) was published May 10, 2021 get-git-data (npm)
Prototype Pollution in tiny-conf
CVE-2020-7724 (Critical severity) was published May 10, 2021 tiny-conf (npm)
Command Injection in geojson2kml
CVE-2020-28429 (Critical severity) was published May 10, 2021 geojson2kml (npm)
Incorrect Authorization in Spring Cloud Netflix Zuul
CVE-2021-22113 (Moderate severity) was published May 10, 2021 org.springframework.cloud:spring-cloud-netflix-zuul (Maven)
Autobinding vulnerability in MITREid Connect
CVE-2021-27582 (Critical severity) was published May 13, 2021 org.mitre:openid-connect-parent (Maven)
Injection in pomelo-monitor
CVE-2020-7620 (High severity) was published May 10, 2021 pomelo-monitor (npm)
Cross-site Scripting in quill
CVE-2021-3163 (Moderate severity) was published May 10, 2021 quill (npm)
Command Injection in @theia/messages
CVE-2021-28162 (Moderate severity) was published May 10, 2021 @theia/messages (npm)
Prototype Pollution in swiper
CVE-2021-23370 (Critical severity) was published May 10, 2021 swiper (npm)
Regular Expression Denial of Service in postcss
CVE-2021-23368 (Moderate severity) was published May 10, 2021 postcss (npm)
Improper permission handling in Apache Solr
CVE-2021-29262 (High severity) was published May 10, 2021 org.apache.solr:solr-core (Maven)
Path traversal in servey
CVE-2020-8214 (High severity) was published May 7, 2021 servey (npm)
Deserialization of Untrusted Data in bson
CVE-2020-7610 (High severity) was published May 7, 2021 bson (npm)
Buffer overflow in canvas
CVE-2020-8215 (High severity) was published May 7, 2021 canvas (npm)
Path Traversal in marscode
CVE-2020-7681 (High severity) was published May 7, 2021 marscode (npm)
Command Injection in picotts
CVE-2021-23378 (Critical severity) was published May 7, 2021 picotts (npm)
Command Injection in onion-oled-js
CVE-2021-23377 (Critical severity) was published May 7, 2021 onion-oled-js (npm)
Command Injection in ps-visitor
CVE-2021-23374 (Critical severity) was published May 7, 2021 ps-visitor (npm)
SQL Injection in odata4j
CVE-2016-11024 (High severity) was published May 7, 2021 org.odata4j:odata4j-core (Maven)