
GitHub Advisory Database

3,710 advisories

Code injection in mock2easy
CVE-2020-7697 (Critical severity) was published May 6, 2021 mock2easy (npm)
Command injection in Gerapy
CVE-2020-7698 (Critical severity) was published May 6, 2021 gerapy (pip)
Path traversal in Tempfile on Windows
CVE-2021-28966 (Moderate severity) was published May 6, 2021 tmpdir (RubyGems)
Validation bypass in jpv
CVE-2020-17479 (Critical severity) was published May 6, 2021 jpv (npm)
Improper Restriction of XML External Entity Reference in svglib
CVE-2020-10799 (High severity) was published May 6, 2021 svglib (pip)
Cross-site scripting in TinyMCE
CVE-2020-17480 (Moderate severity) was published May 6, 2021 tinymce (npm)
Reflected cross-site scripting in francoisjacquet/rosariosis
CVE-2020-13278 (Moderate severity) was published May 6, 2021 francoisjacquet/rosariosis (Composer)
Uncontrolled Resource Consumption in fastify-multipart
CVE-2020-8136 (Moderate severity) was published May 6, 2021 falsify-multipart (npm)
Prototype Pollution in phpjs
CVE-2020-7700 (Critical severity) was published May 6, 2021 phpjs (npm)
Prototype Pollution in madlib-object-utils
CVE-2020-7701 (Critical severity) was published May 6, 2021 madlib-object-utils (npm)
Prototype Pollution in nis-utils
CVE-2020-7703 (Critical severity) was published May 6, 2021 nis-utils (npm)
Prototype Pollution in templ8
CVE-2020-7702 (Critical severity) was published May 6, 2021 templ8 (npm)
Prototype Pollution in irrelon-path and @irrelon/path
CVE-2020-7708 (Critical severity) was published May 6, 2021 @irrelon/path (npm)
Prototype Pollution in connie-lang
CVE-2020-7706 (Critical severity) was published May 6, 2021 connie-lang (npm)
Prototype Pollution in property-expr
CVE-2020-7707 (High severity) was published May 6, 2021 property-expr (npm)
Improper exception handling in Aedes
CVE-2020-13410 (High severity) was published May 6, 2021 aedes (npm)
Denial of Service in Action Controller Token Authentication
CVE-2021-22904 (Moderate severity) was published May 5, 2021 actionpack (RubyGems)
Information Disclosure / Unintended Method Execution in Action Pack
CVE-2021-22885 (Moderate severity) was published May 5, 2021 actionpack (RubyGems)
Open Redirect in Action Pack
CVE-2021-22903 (High severity) was published May 5, 2021 actionpack (RubyGems)
Denial of Service in Action Dispatch
CVE-2021-22902 (Moderate severity) was published May 5, 2021 actionpack (RubyGems)
Command injection in json
CVE-2020-7712 (High severity) was published May 6, 2021 json (npm)
Insecure input handling in Flask-Cors
CVE-2020-25032 (High severity) was published May 6, 2021 Flask-Cors (pip)
Cross-Site Request Forgery in MAGMI
CVE-2020-5776 (Moderate severity) was published May 6, 2021 dweeves/magmi (Composer)
Authentication bypass in MAGMI
CVE-2020-5777 (Critical severity) was published May 6, 2021 dweeves/magmi (Composer)
Prototype Pollution in arr-flatten-unflatten
CVE-2020-7713 (Critical severity) was published May 6, 2021 arr-flatten-unflatten (npm)