The Wayback Machine - https://web.archive.org/web/20210209122937/https://github.com/advisories

GitHub Advisory Database

3,121 advisories

Regular Expression Denial of Service (REDoS) in Marked
CVE-2021-21306 (Moderate severity) was published Feb 8, 2021 marked (npm)
Local Information Disclosure Vulnerability in Netty on Unix-Like systems due to temporary files
CVE-2021-21290 (Low severity) was published Feb 8, 2021 io.netty:netty-codec-http (Maven)
Regular Expression Denial of Service (REDoS) in httplib2
CVE-2021-21240 (Low severity) was published Feb 8, 2021 httplib2 (pip)
Code Injection vulnerability in CarrierWave::RMagick
CVE-2021-21305 (Low severity) was published Feb 8, 2021 carrierwave (RubyGems)
Server-side request forgery in CarrierWave
CVE-2021-21288 (Low severity) was published Feb 8, 2021 carrierwave (RubyGems)
Prototype Pollution in Dynamoose
CVE-2021-21304 (Moderate severity) was published Feb 8, 2021 dynamoose (npm)
Key Caching behavior in the DynamoDB Encryption Client.
GHSA-4ph2-8337-hm62 (Low severity) was published Feb 8, 2021 dynamodb-encryption-sdk (pip)
Key Caching behavior in the DynamoDB Encryption Client.
GHSA-w736-hf9p-qqh3 (Low severity) was published Feb 8, 2021 com.amazonaws:aws-dynamodb-encryption-java (Maven)
Open redirect in Slashify
CVE-2021-3189 (High severity) was published Feb 5, 2021 slashify (npm)
Code injection in Apache Ant
CVE-2020-11979 (High severity) was published Feb 3, 2021 org.apache.ant:ant (Maven)
Command injection in total.js
CVE-2020-28494 (High severity) was published Feb 5, 2021 total.js (npm)
Prototype pollution in total.js
CVE-2020-28495 (High severity) was published Feb 5, 2021 total.js (npm)
Prototype pollution in dotty
CVE-2021-25912 (Moderate severity) was published Feb 5, 2021 dotty (npm)
Unbounded connection acceptance in http4s-blaze-server
CVE-2021-21294 (High severity) was published Feb 2, 2021 org.http4s:http4s-blaze-server_2.12 (Maven)
Unbounded connection acceptance leads to file handle exhaustion
CVE-2021-21293 (High severity) was published Feb 2, 2021 org.http4s:blaze-core_2.11 (Maven)
Command Injection Vulnerability in Mechanize
CVE-2021-21289 (Low severity) was published Feb 2, 2021 mechanize (RubyGems)
Cross-site scripting in Bleach
GHSA-vv2x-vrpj-qqpq (Moderate severity) was published Feb 2, 2021 bleach (pip)
Unexpected database bindings
GHSA-x7p5-p2c9-phvg (High severity) was published Feb 2, 2021 illuminate/database (Composer)
Reflected Cross-site Scripting in ACS Commons
CVE-2021-21028 (High severity) was published Feb 2, 2021 com.adobe.acs:acs-aem-commons (Maven)
Denial of Service in uap-core
GHSA-p4pj-mg4r-x6v4 (High severity) was published Feb 2, 2021 uap-core (npm)
Angular Expressions - Remote Code Execution
CVE-2021-21277 (Low severity) was published Feb 1, 2021 angular-expressions (npm)
Prototype pollution in nested-object-assign
CVE-2021-23329 (High severity) was published Feb 1, 2021 nested-object-assign (npm)
Regular expression Denial of Service in Markdown plugin
CVE-2021-21254 (Low severity) was published Jan 29, 2021 @ckeditor/ckeditor5-markdown-gfm (npm)
Processing untrusted theming resources might execute arbitrary code (ACE)
GHSA-3crj-w4f5-gwh4 (High severity) was published Jan 29, 2021 less-openui5 (npm)
Steam Socialite Provider v1 does not correctly validate openid server
GHSA-hhw9-35p2-q2c5 (Critical severity) was published Jan 29, 2021 socialiteproviders/steam (Composer)
ProTip! Advisories are also available from the GraphQL API.