The Wayback Machine - http://web.archive.org/web/20200914220407/https://github.com/advisories
Skip to content

GitHub Advisory Database

2,866 advisories

Prototype Pollution in node-forge
CVE-2020-7720 (High severity) was published Sep 14, 2020 node-forge (npm)
XXE in Apache Standard Taglibs
CVE-2015-0254 (High severity) was published Sep 14, 2020 org.apache.taglibs:taglibs-standard (Maven)
Sensitive Data Exposure in Apache Ant
CVE-2020-1945 (Moderate severity) was published Sep 14, 2020 org.apache.ant:ant (Maven)
Azure DevOps token leakage in logs
GHSA-36rh-ggpr-j3gj (Moderate severity) was published Sep 14, 2020 renovate (npm)
Potential XSS vulnerability in Action View
CVE-2020-15169 (Moderate severity) was published Sep 11, 2020 actionview (RubyGems)
Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)
CVE-2018-17145 (High severity) was published Sep 10, 2020 bcoin (npm)
Users with SCRIPT right can access the application server instance manager and create arbitrary Java objects through $request binding
CVE-2020-15171 (Low severity) was published Sep 10, 2020 org.xwiki.platform:xwiki-platform-oldcore (Maven)
The `size` option isn't honored after following a redirect
CVE-2020-15168 (Low severity) was published Sep 10, 2020 node-fetch (npm)
Lack of URL normalization may lead to authorization bypass when URL access rules are used
CVE-2020-24660 (High severity) was published Sep 9, 2020 lemonldap-ng-handler (npm)
Invalid root may become trusted root
CVE-2020-15163 (Low severity) was published Sep 9, 2020 tuf (pip)
Validation bypass vulnerability
GHSA-2p6g-gjp8-ggg9 (Low severity) was published Sep 9, 2020 personnummer/personnummer (Composer)
Validation bypass vulnerability
GHSA-qv8q-v995-72gr (Low severity) was published Sep 9, 2020 personnummer (NuGet)
Validation bypass vulnerability
GHSA-rxq3-5249-8hgg (Low severity) was published Sep 9, 2020 personnummer (pip)
Validation bypass vulnerability
GHSA-vpgc-7h78-gx8f (Low severity) was published Sep 4, 2020 personnummer (npm)
Information Disclosure and Broken Access Control in Backend Module
CVE-2020-25026 (Moderate severity) was published Sep 2, 2020 derhansen/sf_event_mgt (Composer)
Prevent RCE when calling untrusted remote with CachingHttpClient
CVE-2020-15094 (High severity) was published Sep 2, 2020 symfony/http-kernel (Composer)
Remote Memory Exposure in bl
CVE-2020-8244 (High severity) was published Sep 2, 2020 bl (npm)
Command Injection in bestzip
GHSA-4qqc-mp5f-ccv4 (Critical severity) was published Sep 2, 2020 bestzip (npm)
Improper Authorization in @sap-cloud-sdk/core
GHSA-r2vw-jgq9-jqx2 (High severity) was published Sep 3, 2020 @sap-cloud-sdk/core (npm)
Remote Code Execution in next
GHSA-5vj8-3v2h-h38v (High severity) was published Sep 4, 2020 next (npm)
Cross-Site Scripting in bootstrap-select
GHSA-9r7h-6639-v5mw (High severity) was published Sep 3, 2020 bootstrap-select (npm)
Cross-Site Scripting in @toast-ui/editor
GHSA-cr56-66mx-293v (High severity) was published Sep 3, 2020 @toast-ui/editor (npm)
DLL Injection in kerberos
GHSA-m2mx-rfpw-jghv (High severity) was published Sep 4, 2020 kerberos (npm)
Regular Expression Denial of Service in papaparse
GHSA-qvjc-g5vr-mfgr (High severity) was published Sep 4, 2020 papaparse (npm)
Malicious Package in m-backdoor
GHSA-vv52-3mrp-455m (Critical severity) was published Sep 3, 2020 m-backdoor (npm)
ProTip! Advisories are also available from the GraphQL API.
You can’t perform that action at this time.