GitHub Advisory Database

1,821 advisories

Regular Expression Denial of Service in Acorn
GHSA-6chw-6frg-f759 (Moderate severity) was published Apr 3, 2020 acorn (npm)
Prototype pollution in minimist
CVE-2020-7598 (High severity) was published Apr 3, 2020 minimist (npm)
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CVE-2020-7622 (Low severity) was published Apr 3, 2020 io.jooby:jooby-netty (Maven)
Uncontrolled Resource Consumption in Pillow
CVE-2019-19911 (Moderate severity) was published Apr 1, 2020 Pillow (pip)
XSS in seeftl
CVE-2019-15603 (Moderate severity) was published Apr 1, 2020 seeftl (npm)
XSS in fileview
CVE-2019-15602 (Moderate severity) was published Apr 1, 2020 fileview (npm)
Out-of-bounds Read in Pillow
CVE-2020-5313 (Moderate severity) was published Apr 1, 2020 Pillow (pip)
XSS in MITREid Connect
CVE-2020-5497 (Moderate severity) was published Apr 1, 2020 org.mitre:openid-connect-server (Maven)
XSS in knockout
CVE-2019-14862 (Moderate severity) was published Apr 1, 2020 knockout (npm)
Improper Verification of Cryptographic Signature in Pure-Python ECDSA
CVE-2019-14859 (Moderate severity) was published Apr 1, 2020 ecdsa (pip)
Denial of Service in ecstatic
CVE-2019-10775 (Moderate severity) was published Apr 1, 2020 ecstatic (npm)
Type checking vulnerability in kind-of
CVE-2019-20149 (Moderate severity) was published Mar 31, 2020 kind-of (npm)
Path Traversal in http_server
CVE-2019-15600 (Moderate severity) was published Mar 31, 2020 http_server (npm)
Path Traversal in statics-server
CVE-2019-15596 (Moderate severity) was published Mar 31, 2020 statics-server (npm)
Improper Input Validation in Twisted
CVE-2020-10108 (High severity) was published Mar 31, 2020 Twisted (pip)
Improper Input Validation in Twisted
CVE-2020-10109 (High severity) was published Mar 31, 2020 Twisted (pip)
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request Header Injection')
CVE-2020-7611 (Moderate severity) was published Mar 30, 2020 io.micronaut:micronaut-http-client (Maven)
Directory Traversal in Next.js versions below 9.3.2
CVE-2020-5284 (Moderate severity) was published Mar 30, 2020 next (npm)
Read permissions not enforced for client provided filter expressions.
CVE-2020-5289 (High severity) was published Mar 30, 2020 com.yahoo.elide:elide-core (Maven)
All rules set in "access_control" are required when the firewall is configured with the unanimous strategy
CVE-2020-5275 (High severity) was published Mar 30, 2020 symfony/security (Composer)
Fix Exception message escaping rendered by ErrorHandler
CVE-2020-5274 (Moderate severity) was published Mar 30, 2020 symfony/http-foundation (Composer)
Prevent cache poisoning via a Response Content-Type header
CVE-2020-5255 (Low severity) was published Mar 30, 2020 symfony/http-foundation (Composer)
regular expression denial-of-service (ReDoS) in BleachSanitizerFilter.sanitize_css gauntlet regular expression
CVE-2020-6817 (Moderate severity) was published Mar 30, 2020 bleach (pip)
VVE-2020-0001: Interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
GHSA-mr6r-mvw4-736g (Low severity) was published Mar 25, 2020 vyper (pip)
Local file inclusion vulnerability in FileService, ResourceService, WebjarService
CVE-2020-5280 (Critical severity) was published Mar 25, 2020 org.http4s:http4s-server_2.12 (Maven)