
GitHub Advisory Database

1,749 advisories

Remote Code Execution (RCE) vulnerability in dropwizard-validation <2.0.2
CVE-2020-5245 (High severity) was published Feb 24, 2020 io.dropwizard:dropwizard-validation (Maven)
BuddyPress private data exposure via REST API
CVE-2020-5244 (High severity) was published Feb 24, 2020 buddypress/buddypress (Composer)
Code blocks not escaping HTML when lacking a language identifier
GHSA-9r27-994c-4xch (High severity) was published Feb 24, 2020 discord-markdown (npm)
Denial of Service in uap-core <=0.7.2 when processing crafted User-Agent strings
CVE-2020-5243 (High severity) was published Feb 20, 2020 uap-core (npm)
HTTP Request Smuggling in Netty
CVE-2020-7238 (Moderate severity) was published Feb 21, 2020 io.netty:netty-handler (Maven)
HTTP Request Smuggling in Netty
CVE-2019-20444 (Moderate severity) was published Feb 21, 2020 io.netty:netty-handler (Maven)
HTTP Request Smuggling in Netty
CVE-2019-20445 (Moderate severity) was published Feb 21, 2020 io.netty:netty-handler (Maven)
mutation XSS in bleach.clean when noscript and raw tag whitelisted
GHSA-q65m-pv3f-wr5r (Moderate severity) was published Feb 24, 2020 bleach (pip)
taffy can allow access to any data items in the DB
CVE-2019-10790 (High severity) was published Feb 19, 2020 taffy (npm)
Reflected XSS in SilverStripe
CVE-2019-19325 (High severity) was published Feb 24, 2020 silverstripe/framework (Composer)
codecov NPM module allows remote attackers to execute arbitrary commands
CVE-2020-7597 (Moderate severity) was published Feb 19, 2020 codecov (npm)
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation
CVE-2020-7595 (Moderate severity) was published Feb 24, 2020 nokogiri (RubyGems)
XSS due to insufficient escape in dojox.xmpp.util.xmlEncode
CVE-2019-10785 (Low severity) was published Feb 13, 2020 dojox (npm)
Improper link resolution before file access (Link Following)
CVE-2019-10773 (Moderate severity) was published Feb 14, 2020 yarn (npm)
OS command injection in BibTeX-Ruby
CVE-2019-10780 (High severity) was published Feb 14, 2020 bibtex-ruby (RubyGems)
OS command injection in aws-lambda
CVE-2019-10777 (High severity) was published Feb 14, 2020 aws-lambda (npm)
OS command injection in git-diff-apply
CVE-2019-10776 (High severity) was published Feb 14, 2020 git-diff-apply (npm)
XSS in AngularJS
CVE-2019-14863 (Moderate severity) was published Feb 14, 2020 angular (npm)
Code injection in node-df
CVE-2019-15597 (High severity) was published Feb 14, 2020 node-df (npm)
XSS/Script injection vulnerability
CVE-2020-5241 (High severity) was published Feb 12, 2020 matestack-ui-core (RubyGems)
Improper Input Validation in Symfony
CVE-2019-11325 (High severity) was published Feb 12, 2020 symfony/symfony (Composer)
SQL injection in Centreon
CVE-2019-16194 (High severity) was published Feb 11, 2020 centreon/centreon (Composer)
Deserialization of untrusted data in Symfony
CVE-2019-10912 (Moderate severity) was published Feb 12, 2020 symfony/cache (Composer)
Improper authentication in Symfony
CVE-2019-10911 (High severity) was published Feb 12, 2020 symfony/security (Composer)
Improper Input Validation in Apache Solr
CVE-2019-17558 (Moderate severity) was published Feb 12, 2020 org.apache.solr:solr-core (Maven)