GitHub Advisory Database

1,823 advisories

SQL injection in Django
CVE-2020-7471 (Moderate severity) was published Feb 11, 2020 django (pip)
Relative Path Traversal (CWE-23) in chunked uploads
CVE-2020-5237 (High severity) was published Feb 18, 2020 oneup/uploader-bundle (Composer)
Server-Side Request Forgery (SSRF) in Apache Olingo
CVE-2020-1925 (Moderate severity) was published Feb 4, 2020 org.apache.olingo:odata-client-core (Maven)
Deserialization of Untrusted Data in Apache Olingo
CVE-2019-17556 (High severity) was published Feb 4, 2020 org.apache.olingo:odata-client-proxy (Maven)
Improper Restriction of XML External Entity Reference in Apache Olingo
CVE-2019-17554 (Moderate severity) was published Feb 4, 2020 org.apache.olingo:odata-client-core (Maven)
Improper input validation in Apache Olingo
CVE-2019-17555 (Moderate severity) was published Feb 4, 2020 org.apache.olingo:odata-client-core (Maven)
Improper input validation in Apache Shiro
CVE-2019-12422 (Moderate severity) was published Feb 4, 2020 org.apache.shiro:shiro-core (Maven)
Improper Restriction of XML External Entity Reference in jackson-mapper-asl
CVE-2019-10172 (Moderate severity) was published Feb 4, 2020 org.codehaus.jackson:jackson-mapper-asl (Maven)
Catastrophic backtracking in regex allows Denial of Service
CVE-2020-5236 (Critical severity) was published Feb 4, 2020 waitress (pip)
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled)
CVE-2019-10782 (Moderate severity) was published Jan 31, 2020 com.puppycrawl.tools:checkstyle (Maven)
Untrusted data can lead to DoS attack due to hash collisions and stack overflow
CVE-2020-5234 (Moderate severity) was published Jan 31, 2020 MessagePack (NuGet)
Placeholder property does not indicate HTML capable, could lead to inadvertent abuse
CVE-2019-20174 (Moderate severity) was published Jan 31, 2020 auth0-lock (npm)
Malicious takeover of previously owned ENS names
CVE-2020-5232 (Critical severity) was published Jan 30, 2020 @ensdomains/ens (npm)
Authentication Bypass For Endpoints With Anonymous Access
CVE-2020-5206 (Critical severity) was published Jan 30, 2020 org.opencastproject:opencast-kernel (Maven)
Users with ROLE_COURSE_ADMIN can create new users
CVE-2020-5231 (Moderate severity) was published Jan 30, 2020 org.opencastproject:opencast-kernel (Maven)
Hard-Coded Key Used For Remember-me Token
CVE-2020-5222 (Moderate severity) was published Jan 30, 2020 org.opencastproject:opencast-kernel (Maven)
Unsafe Identifiers
CVE-2020-5230 (Moderate severity) was published Jan 30, 2020 org.opencastproject:base (Maven)
Password Hashing: Do not use MD5
CVE-2020-5229 (Low severity) was published Jan 30, 2020 org.opencastproject:opencast-common-jpa-impl (Maven)
Unauthenticated Access Via OAI-PMH
CVE-2020-5228 (High severity) was published Jan 30, 2020 org.opencastproject:opencast-oaipmh-api (Maven)
Cross-site scripting vulnerability in TinyMCE
GHSA-27gm-ghr9-4v95 (High severity) was published Jan 30, 2020 tinymce (npm)
Stored XSS vulnerability
CVE-2019-15607 (Low severity) was published Jan 30, 2020 node-red (npm)
Feedgen Vulnerable Against XML Denial of Service Attacks
CVE-2020-5227 (High severity) was published Jan 28, 2020 feedgen (pip)
Unrestricted upload of file with dangerous type in Apache Solr
CVE-2019-12409 (High severity) was published Jan 28, 2020 org.apache.solr:solr-core (Maven)
Segmentation fault when converting a Python string to `tf.float16`
CVE-2020-5215 (High severity) was published Jan 28, 2020 tensorflow (pip)
XSS in Dolibarr ERP & CRM
CVE-2020-7996 (Moderate severity) was published Jan 28, 2020 dolibarr/dolibarr (Composer)