GitHub Advisory Database
2,997 advisories
Base class whitelist configuration ignored in OAuthenticator
CVE-2020-26250 (High severity) was published Dec 1, 2020 • oauthenticator (pip)

Inappropriate implementation in V8 in CefSharp
CVE-2020-16013 (High severity) was published Nov 27, 2020 • CefSharp.Common (NuGet)

Use after free in CefSharp
CVE-2020-16017 (High severity) was published Nov 27, 2020 • CefSharp.Common (NuGet)

Prototype Pollution in systeminformation
CVE-2020-26245 (Moderate severity) was published Nov 27, 2020 • systeminformation (npm)

Memory leak in Nanopb
CVE-2020-26243 (Moderate severity) was published Nov 25, 2020 • nanopb (pip)

Template injection in cron-utils
CVE-2020-26238 (Low severity) was published Nov 24, 2020 • com.cronutils:cron-utils (Maven)

Prototype Pollution in highlight.js
CVE-2020-26237 (Low severity) was published Nov 24, 2020 • highlight.js (npm)

Denial of service attack due to invalid JSON
CVE-2020-26890 (High severity) was published Nov 24, 2020 • matrix-synapse (pip)

datasette-graphql leaks details of the schema of private database files
GHSA-74hv-qjjq-h7g5 (Low severity) was published Nov 24, 2020 • datasette-graphql (pip)

Implementation trusts the "me" field returned by the authorization server without verifying it
GHSA-mjcr-rqjg-rhg3 (Critical severity) was published Nov 24, 2020 • datasette-indieauth (pip)

Open redirect in Jupyter Server
CVE-2020-26232 (Moderate severity) was published Nov 24, 2020 • jupyter-server (pip)

XML External Entity in Dashboard Widget
CVE-2020-26229 (Low severity) was published Nov 23, 2020 • typo3/cms-core (Composer)

Cleartext storage of session identifier
CVE-2020-26228 (High severity) was published Nov 23, 2020 • typo3/cms-core (Composer)

Bypass of fix for CVE-2020-15247, Twig sandbox escape
CVE-2020-26231 (Low severity) was published Nov 23, 2020 • october/cms (Composer)

Stored XSS by authenticated backend user with access to upload files
CVE-2020-15249 (Low severity) was published Nov 23, 2020 • october/backend (Composer)

Privilege escalation by backend users assigned to the default "Publisher" system role
CVE-2020-15248 (Low severity) was published Nov 23, 2020 • october/backend (Composer)

Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
CVE-2020-15247 (Low severity) was published Nov 23, 2020 • october/cms (Composer)

Local File Inclusion by unauthenticated users
CVE-2020-15246 (Low severity) was published Nov 23, 2020 • october/cms (Composer)

Secret disclosure when containing characters that become URI encoded
CVE-2020-26226 (High severity) was published Nov 18, 2020 • semantic-release (npm)

Open redirect in Jupyter Notebook
CVE-2020-26215 (Moderate severity) was published Nov 18, 2020 • notebook (pip)

Cross-Site Scripting through Fluid view helper arguments
CVE-2020-26216 (Moderate severity) was published Nov 18, 2020 • typo3fluid/fluid (Composer)

Reflected XSS with parameters in PostComment
CVE-2020-26225 (Moderate severity) was published Nov 16, 2020 • prestashop/productcomments (Composer)

XStream can be used for Remote Code Execution
CVE-2020-26217 (High severity) was published Nov 16, 2020 • com.thoughtworks.xstream:xstream (Maven)

Persistent XSS in shopping worlds
GHSA-28fw-88hq-6jmm (Low severity) was published Nov 13, 2020 • shopware/shopware (Composer)

Persistent XSS in newsletter module in Shopware
GHSA-hrfh-fp4x-crrq (Low severity) was published Nov 13, 2020 • shopware/shopware (Composer)