
GitHub Advisory Database

1,896 advisories

Cross-site Scripting in jQuery
CVE-2020-7656 (Moderate severity) was published May 20, 2020 jquery (npm)
CWE-93 CRLF injection in httplib2
CVE-2020-11078 (Low severity) was published May 20, 2020 httplib2 (pip)
Python Image Library (PIL) allows symlink attacks
CVE-2014-1933 (Moderate severity) was published May 18, 2020 Pillow (pip)
Backend Same-Site Request Forgery
CVE-2020-11069 (High severity) was published May 13, 2020 typo3/cms-core (Composer)
Insecure Deserialization in Backend User Settings
CVE-2020-11067 (High severity) was published May 13, 2020 typo3/cms-core (Composer)
Class destructors causing side-effects when being unserialized
CVE-2020-11066 (High severity) was published May 13, 2020 typo3/cms-core (Composer)
Cross-Site Scripting in Link Handling
CVE-2020-11065 (Moderate severity) was published May 13, 2020 typo3/cms-core (Composer)
Cross-Site Scripting in Form Engine
CVE-2020-11064 (Moderate severity) was published May 13, 2020 typo3/cms-core (Composer)
Information Disclosure in Password Reset
CVE-2020-11063 (Low severity) was published May 13, 2020 typo3/cms-core (Composer)
Cross-Site Scripting in SVG Sanitizer
CVE-2020-11070 (Moderate severity) was published May 13, 2020 t3g/svg-sanitizer (Composer)
Arbitrary file write in actionpack-page_caching gem
CVE-2020-8159 (High severity) was published May 13, 2020 actionpack-page_caching (RubyGems)
Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.
CVE-2018-21233 (Moderate severity) was published May 13, 2020 tensorflow (pip)
assets: path traversal
CVE-2020-7647 (Moderate severity) was published May 13, 2020 io.jooby:jooby (Maven)
curlrequest allows execution of arbitrary commands
CVE-2020-7646 (High severity) was published May 13, 2020 curlrequest (npm)
False-negative validation results in MINT transactions with invalid baton
CVE-2020-11072 (Critical severity) was published May 12, 2020 slp-validate (npm)
False-negative validation results in MINT transactions with invalid baton
CVE-2020-11071 (Critical severity) was published May 12, 2020 slpjs (npm)
Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka
CVE-2019-12399 (Moderate severity) was published May 12, 2020 org.apache.kafka:kafka (Maven)
Cross-site scripting vulnerability in TinyMCE
CVE-2019-1010091 (Moderate severity) was published May 11, 2020 tinymce (npm)
Potential SSTI vulnerability when using custom fields in Notification Emails
CVE-2020-11056 (Critical severity) was published May 8, 2020 barrelstrength/sprout-base-email (Composer)
Reloading page with certificate errors shows a green URL
CVE-2020-11054 (Low severity) was published May 8, 2020 qutebrowser (pip)
`WebSocketClient` does not perform SSL hostname validation
CVE-2020-11050 (High severity) was published May 8, 2020 org.java-websocket:Java-WebSocket (Maven)
Brute Force Vulnerability
CVE-2020-11052 (High severity) was published May 7, 2020 sorcery (RubyGems)
CVE-2020-10187
CVE-2020-10187 (Moderate severity) was published May 7, 2020 doorkeeper (RubyGems)
Cross-Site Scripting Through Comment Creation
CVE-2020-11055 (Moderate severity) was published May 7, 2020 ssddanbrown/bookstack (Composer)
Potential timing attack on password-protected private pages
CVE-2020-11037 (Moderate severity) was published May 7, 2020 wagtail (pip)