GitHub Advisory Database

1,736 advisories

XSS due to insufficient escape in dojox.xmpp.util.xmlEncode
CVE-2019-10785 (Low severity) was published Feb 13, 2020 dojox (npm)
Improper link resolution before file access (Link Following)
CVE-2019-10773 (Moderate severity) was published Feb 14, 2020 yarn (npm)
OS command injection in BibTeX-Ruby
CVE-2019-10780 (High severity) was published Feb 14, 2020 bibtex-ruby (RubyGems)
OS command injection in aws-lambda
CVE-2019-10777 (High severity) was published Feb 14, 2020 aws-lambda (npm)
OS command injection in git-diff-apply
CVE-2019-10776 (High severity) was published Feb 14, 2020 git-diff-apply (npm)
XSS in AngularJS
CVE-2019-14863 (Moderate severity) was published Feb 14, 2020 angular (npm)
Code injection in node-df
CVE-2019-15597 (High severity) was published Feb 14, 2020 node-df (npm)
XSS/Script injection vulnerability
CVE-2020-5241 (High severity) was published Feb 12, 2020 matestack-ui-core (RubyGems)
Improper Input Validation in Symfony
CVE-2019-11325 (High severity) was published Feb 12, 2020 symfony/symfony (Composer)
SQL injection in Centreon
CVE-2019-16194 (High severity) was published Feb 11, 2020 centreon/centreon (Composer)
Deserialization of untrusted data in Symfony
CVE-2019-10912 (Moderate severity) was published Feb 12, 2020 symfony/cache (Composer)
Improper authentication in Symfony
CVE-2019-10911 (High severity) was published Feb 12, 2020 symfony/security (Composer)
Improper Input Validation in Apache Solr
CVE-2019-17558 (Moderate severity) was published Feb 12, 2020 org.apache.solr:solr-core (Maven)
URL Redirection to Untrusted Site (Open Redirect) in Ktor
CVE-2019-19703 (Moderate severity) was published Feb 12, 2020 io.ktor:ktor-client-core (Maven)
SQL injection in Django
CVE-2020-7471 (Moderate severity) was published Feb 11, 2020 django (pip)
Server-Side Request Forgery (SSRF) in Apache Olingo
CVE-2020-1925 (Moderate severity) was published Feb 4, 2020 org.apache.olingo:odata-client-core (Maven)
Deserialization of Untrusted Data in Apache Olingo
CVE-2019-17556 (High severity) was published Feb 4, 2020 org.apache.olingo:odata-client-proxy (Maven)
Improper Restriction of XML External Entity Reference in Apache Olingo
CVE-2019-17554 (Moderate severity) was published Feb 4, 2020 org.apache.olingo:odata-client-core (Maven)
Improper input validation in Apache Olingo
CVE-2019-17555 (Moderate severity) was published Feb 4, 2020 org.apache.olingo:odata-client-core (Maven)
Improper input validation in Apache Shiro
CVE-2019-12422 (Moderate severity) was published Feb 4, 2020 org.apache.shiro:shiro-core (Maven)
Improper Restriction of XML External Entity Reference in jackson-mapper-asl
CVE-2019-10172 (Moderate severity) was published Feb 4, 2020 org.codehaus.jackson:jackson-mapper-asl (Maven)
Catastrophic backtracking in regex allows Denial of Service
CVE-2020-5236 (Critical severity) was published Feb 4, 2020 waitress (pip)
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled)
CVE-2019-10782 (Moderate severity) was published Jan 31, 2020 com.puppycrawl.tools:checkstyle (Maven)
Untrusted data can lead to DoS attack due to hash collisions and stack overflow
CVE-2020-5234 (Moderate severity) was published Jan 31, 2020 MessagePack (NuGet)
Placeholder property does not indicate HTML capable, could lead to inadvertent abuse
CVE-2019-20174 (Moderate severity) was published Jan 31, 2020 auth0-lock (npm)