GitHub Advisory Database

92 advisories

Local file inclusion vulnerability in FileService, ResourceService, WebjarService
CVE-2020-5280 (Critical severity) was published Mar 25, 2020 org.http4s:http4s-server_2.12 (Maven)
Improper Authentication in requests-kerberos
CVE-2014-8650 (Critical severity) was published Mar 10, 2020 requests-kerberos (pip)
2016-12-30 Remote code execution
CVE-2016-10045 (Critical severity) was published Mar 5, 2020 phpmailer/phpmailer (Composer)
2016-12-30 Remote code execution
CVE-2016-10033 (Critical severity) was published Mar 5, 2020 phpmailer/phpmailer (Composer)
Catastrophic backtracking in regex allows Denial of Service
CVE-2020-5236 (Critical severity) was published Feb 4, 2020 waitress (pip)
Malicious takeover of previously owned ENS names
CVE-2020-5232 (Critical severity) was published Jan 30, 2020 @ensdomains/ens (npm)
Authentication Bypass For Endpoints With Anonymous Access
CVE-2020-5206 (Critical severity) was published Jan 30, 2020 org.opencastproject:opencast-kernel (Maven)
HTTP Request Smuggling: Content-Length Sent Twice
GHSA-4ppp-gpcr-7qf6 (Critical severity) was published Dec 20, 2019 waitress (pip)
HTTP Request Smuggling: Invalid Transfer-Encoding
CVE-2019-16786 (Critical severity) was published Dec 20, 2019 waitress (pip)
HTTP Request Smuggling: LF vs CRLF handling in Waitress
CVE-2019-16785 (Critical severity) was published Dec 20, 2019 waitress (pip)
The lodahs package for Node.js is a Trojan horse
CVE-2019-19771 (Critical severity) was published Dec 16, 2019 lodahs (npm)
Remote Code Execution Vulnerability due to Sandbox Bypass
CVE-2019-10769 (Critical severity) was published Dec 11, 2019 safer-eval (npm)
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
CVE-2019-10913 (Critical severity) was published Dec 2, 2019 symfony/http-foundation (Composer)
Check service IDs are valid
CVE-2019-10910 (Critical severity) was published Nov 18, 2019 symfony/dependency-injection (Composer)
Validator parsing discrepancy due to string encoding
CVE-2019-16761 (Critical severity) was published Nov 15, 2019 slp-validate (npm)
Validator parsing discrepancy due to string encoding
CVE-2019-16762 (Critical severity) was published Nov 15, 2019 slpjs (npm)
Malicious payload execution possible due to polymorphic typing issue
CVE-2019-17531 (Critical severity) was published Nov 13, 2019 com.fasterxml.jackson.core:jackson-databind (Maven)
Elevated privileges or user impersonation possible due to incorrect validation of cryptographic signatures in XML messages
CVE-2019-3465 (Critical severity) was published Nov 8, 2019 robrichards/xmlseclibs (Composer)
sandbox breach via rewrite transformer
GHSA-7cg8-pq9v-x98q (Critical severity) was published Oct 21, 2019 realms-shim (npm)
realms-shim / SES sandbox escapes
GHSA-6jg8-7333-554w (Critical severity) was published Oct 4, 2019 realms-shim (npm)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is rela...
CVE-2019-14540 (Critical severity) was published Sep 23, 2019 com.fasterxml.jackson.core:jackson-databind (Maven)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is rela...
CVE-2019-16335 (Critical severity) was published Sep 23, 2019 com.fasterxml.jackson.core:jackson-databind (Maven)
Account takeover and privilege escalation is possible in applications generated by generator-jhipster before 6.3.0.
GHSA-mwp6-j9wf-968c (Critical severity) was published Sep 13, 2019 generator-jhipster (npm)
'getStaticValue' function can execute arbitrary code
CVE-2019-15657 (Critical severity) was published Aug 26, 2019 eslint-utils (npm)
The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a co...
CVE-2019-15224 (Critical severity) was published Aug 20, 2019 awesome-bot (RubyGems)