GitHub Advisory Database

1,810 advisories

Type checking vulnerability in kind-of
CVE-2019-20149 (Moderate severity) was published Mar 31, 2020 kind-of (npm)
Path Traversal in http_server
CVE-2019-15600 (Moderate severity) was published Mar 31, 2020 http_server (npm)
Path Traversal in statics-server
CVE-2019-15596 (Moderate severity) was published Mar 31, 2020 statics-server (npm)
Improper Input Validation in Twisted
CVE-2020-10108 (High severity) was published Mar 31, 2020 Twisted (pip)
Improper Input Validation in Twisted
CVE-2020-10109 (High severity) was published Mar 31, 2020 Twisted (pip)
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request Header Injection')
CVE-2020-7611 (Moderate severity) was published Mar 30, 2020 io.micronaut:micronaut-http-client (Maven)
Directory Traversal in Next.js versions below 9.3.2
CVE-2020-5284 (Moderate severity) was published Mar 30, 2020 next (npm)
Read permissions not enforced for client provided filter expressions.
CVE-2020-5289 (High severity) was published Mar 30, 2020 com.yahoo.elide:elide-core (Maven)
All rules set in "access_control" are required when the firewall is configured with the unanimous strategy
CVE-2020-5275 (High severity) was published Mar 30, 2020 symfony/security (Composer)
Fix Exception message escaping rendered by ErrorHandler
CVE-2020-5274 (Moderate severity) was published Mar 30, 2020 symfony/http-foundation (Composer)
Prevent cache poisoning via a Response Content-Type header
CVE-2020-5255 (Low severity) was published Mar 30, 2020 symfony/http-foundation (Composer)
regular expression denial-of-service (ReDoS) in BleachSanitizerFilter.sanitize_css gauntlet regular expression
CVE-2020-6817 (Moderate severity) was published Mar 30, 2020 bleach (pip)
VVE-2020-0001: Interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
GHSA-mr6r-mvw4-736g (Low severity) was published Mar 25, 2020 vyper (pip)
Local file inclusion vulnerability in FileService, ResourceService, WebjarService
CVE-2020-5280 (Critical severity) was published Mar 25, 2020 org.http4s:http4s-server_2.12 (Maven)
Missing Token Replay Detection
CVE-2020-5261 (High severity) was published Mar 25, 2020 Sustainsys.Saml2 (NuGet)
Incorrect Account Used for Signing
GHSA-vg44-fw64-cpjx (High severity) was published Mar 24, 2020 @metamask/eth-ledger-bridge-keyring (npm)
Python Auditing Vulnerability
CVE-2020-5252 (Low severity) was published Mar 24, 2020 safety (pip)
mutation XSS via whitelisted math or svg and RCDATA tag with strip=False
CVE-2020-6816 (Moderate severity) was published Mar 24, 2020 bleach (pip)
Possible XSS vulnerability in ActionView
CVE-2020-5267 (Moderate severity) was published Mar 19, 2020 actionview (RubyGems)
GitHub personal access token leaking into temporary EasyBuild (debug) logs
CVE-2020-5262 (Moderate severity) was published Mar 19, 2020 easybuild-framework (pip)
Insufficient Nonce Validation in Client
CVE-2019-19135 (Moderate severity) was published Mar 16, 2020 org.eclipse.milo:sdk-client (Maven)
Potential buffer overflow
CVE-2020-10571 (Moderate severity) was published Mar 16, 2020 psd-tools (pip)
2FA bypass through deleting devices
CVE-2020-5240 (High severity) was published Mar 13, 2020 wagtail-2fa (pip)
Sort order SQL injection
CVE-2020-5257 (High severity) was published Mar 13, 2020 administrate (RubyGems)
ESLint dependencies are vulnerable (ReDoS and Prototype Pollution)
CVE-2020-7598 (Moderate severity) was published Mar 13, 2020 acorn (npm)