The Wayback Machine - https://web.archive.org/web/20210502170712/https://github.com/advisories

GitHub Advisory Database

3,632 advisories

Logic error in Legion of the Bouncy Castle BC Java
CVE-2020-28052 (Critical severity) was published Apr 30, 2021 org.bouncycastle:bcprov-ext-jdk15on (Maven)
DOM XSS in Theme Preview
CVE-2021-29484 (Moderate severity) was published Apr 29, 2021 ghost (npm)
paul-gerste-sonarsource
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
CVE-2021-30492 (Critical severity) was published Apr 29, 2021 zendesk/zendesk_api_client_php (Composer)
SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database
GHSA-4mg9-vhxq-vm7j (High severity) was published Apr 29, 2021 illuminate/database (Composer)
Cross-Site Scripting
CVE-2021-26722 (Moderate severity) was published Apr 30, 2021 oncall (pip)
HTTP Request Smuggling in Undertow
CVE-2020-10719 (Moderate severity) was published Apr 30, 2021 io.thorntail:undertow (Maven)
Improper Restriction of Operations within the Bounds of a Memory Buffer in Undertow
CVE-2020-10705 (Moderate severity) was published Apr 30, 2021 io.thorntail:undertow (Maven)
HTTP Request Smuggling in Undertow
CVE-2020-10687 (Moderate severity) was published Apr 30, 2021 io.thorntail:undertow (Maven)
Cross-site Scripting in gon
CVE-2020-25739 (Moderate severity) was published Apr 30, 2021 gon (RubyGems)
Improper Authentication in Apache Hadoop
CVE-2018-11765 (High severity) was published Apr 30, 2021 org.apache.hadoop:hadoop-main (Maven)
Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix
CVE-2020-5412 (Moderate severity) was published Apr 30, 2021 org.springframework.cloud:spring-cloud-netflix (Maven)
Improper Input Validation in Spring Framework
CVE-2020-5421 (High severity) was published Apr 30, 2021 org.springframework:spring-framework-bom (Maven)
Insecure Deserialization of untrusted data in rmccue/requests
CVE-2021-29476 (Critical severity) was published Apr 29, 2021 rmccue/requests (Composer)
xknown whyisjake
Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby
CVE-2021-29460 (High severity) was published Apr 30, 2021 getkirby/cms (Composer)
sreenathr10
Authentication bypass for specific endpoint
CVE-2021-29442 (High severity) was published Apr 27, 2021 com.alibaba.nacos:nacos-common (Maven)
Authentication Bypass
CVE-2021-29441 (High severity) was published Apr 27, 2021 com.alibaba.nacos:nacos-common (Maven)
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
CVE-2021-21429 (Low severity) was published Apr 29, 2021 org.openapitools:openapi-generator-maven-plugin (Maven)
JLLeitschuh
Cross-Site Scripting in Bootstrap Package
CVE-2021-21365 (Moderate severity) was published Apr 29, 2021 bk2k/bootstrap-package (Composer)
ohader
Information Disclosure
CVE-2021-31671 (Moderate severity) was published Apr 27, 2021 pgsync (RubyGems)
Path Traversal and Improper Input Validation in Apache Commons IO
CVE-2021-29425 (Moderate severity) was published Apr 26, 2021 commons-io:commons-io (Maven)
Forced Browsing in Twisted
CVE-2016-1000111 (Moderate severity) was published Apr 30, 2021 twisted (pip)
Potential exponential regex in monitor mode
CVE-2021-29469 (Low severity) was published Apr 27, 2021 redis (npm)
erik-krogh
Plaintext password leak in Apache Superset
CVE-2020-13952 (High severity) was published Apr 30, 2021 apache-superset (pip)
Uncontrolled Resource Consumption in urllib3
CVE-2020-7212 (High severity) was published Apr 30, 2021 urllib3 (pip)
ProTip! Advisories are also available from the GraphQL API