GitHub Advisory Database
3,019 advisories
Cross-Site Scripting in Grav
GHSA-cvmr-6428-87w9
(Moderate severity)
was published Dec 10, 2020
•
getgrav/grav
(Composer)
Heap out of bounds access in MakeEdge in TensorFlow
CVE-2020-26271
(Low severity)
was published Dec 10, 2020
•
tensorflow
(pip)
CHECK-fail in LSTM with zero-length input in TensorFlow
CVE-2020-26270
(Low severity)
was published Dec 10, 2020
•
tensorflow
(pip)
Write to immutable memory region in TensorFlow
CVE-2020-26268
(Low severity)
was published Dec 10, 2020
•
tensorflow
(pip)
Lack of validation in data format attributes in TensorFlow
CVE-2020-26267
(Low severity)
was published Dec 10, 2020
•
tensorflow
(pip)
Uninitialized memory access in TensorFlow
CVE-2020-26266
(Low severity)
was published Dec 10, 2020
•
tensorflow
(pip)
Prototype Pollution
GHSA-qqgx-2p2h-9c37
(Low severity)
was published Dec 10, 2020
•
ini
(npm)
Information Disclosure in Apache Groovy
CVE-2020-17521
(Moderate severity)
was published Dec 9, 2020
•
org.codehaus.groovy:groovy
(Maven)
Denial of service attack via incorrect parameters in Matrix Synapse
CVE-2020-26257
(Low severity)
was published Dec 9, 2020
•
matrix-synapse
(pip)
user-readable api tokens in systemd units for JupyterHub
CVE-2020-26261
(High severity)
was published Dec 9, 2020
•
jupyterhub-systemdspawner
(pip)
Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability
CVE-2020-26249
(High severity)
was published Dec 8, 2020
•
red-dashboard
(pip)
Disabled Hostname Verification in OpenCast
CVE-2020-26234
(High severity)
was published Dec 8, 2020
•
org.opencastproject:opencast-kernel
(Maven)
Denial of service in fast-csv
CVE-2020-26256
(Low severity)
was published Dec 8, 2020
•
@fast-csv/parse
(npm)
PHP Phar archives could be uploaded by Panel users as content files and executed in Kirby
CVE-2020-26255
(Low severity)
was published Dec 8, 2020
•
getkirby/cms
(Composer)
omniauth-apple allows attacker to fake their email address during authentication
CVE-2020-26254
(Low severity)
was published Dec 8, 2020
•
omniauth-apple
(RubyGems)
Cross-Site Scripting bypass in html-purify
GHSA-5p28-63mc-cgr9
(High severity)
was published Dec 4, 2020
•
html-purify
(npm)
ReDOS vulnerabilities: multiple grammars
GHSA-7wwv-vh3v-89cq
(Moderate severity)
was published Dec 4, 2020
•
@highlightjs/cdn-assets
(npm)
Multiple cryptographic issues in Python oic
CVE-2020-26244
(Moderate severity)
was published Dec 4, 2020
•
oic
(pip)
Inappropriate implementation in V8
CVE-2020-16009
(High severity)
was published Dec 2, 2020
•
CefSharp.Common
(NuGet)
XXE in petl
GHSA-f5gc-p5m3-v347
(Low severity)
was published Dec 2, 2020
•
petl
(pip)
Buffer not correctly recycled in Gzip Request inflation
CVE-2020-27218
(Moderate severity)
was published Dec 2, 2020
•
org.eclipse.jetty:jetty-server
(Maven)
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
GHSA-47qg-q58v-7vrp
(Low severity)
was published Dec 2, 2020
•
amundsen-frontend
(pip)
Base class whitelist configuration ignored in OAuthenticator
CVE-2020-26250
(High severity)
was published Dec 1, 2020
•
oauthenticator
(pip)
Inappropriate implementation in V8 in CefSharp
CVE-2020-16013
(High severity)
was published Nov 27, 2020
•
CefSharp.Common
(NuGet)
Use after free in CefSharp
CVE-2020-16017
(High severity)
was published Nov 27, 2020
•
CefSharp.Common
(NuGet)

