The Wayback Machine - http://web.archive.org/web/20210721005344/https://github.com/advisories

GitHub Advisory Database

The latest security vulnerabilities from the world of open source software.

4,361 advisories

Missing SSL Certificate Validation in Hashicorp Consul
CVE-2021-32574 (Moderate severity) was published Jul 19, 2021 github.com/hashicorp/consul (Go)
L7 deny intention results in an allow action
CVE-2021-36213 (Moderate severity) was published Jul 19, 2021 github.com/hashicorp/consul (Go)
Cross-site Scripting in Froala WYSIWYG Editor
CVE-2021-28114 (High severity) was published Jul 19, 2021 froala/wysiwyg-editor (Composer)
Hostname spoofing via backslashes in URL
CVE-2021-3647 (Moderate severity) was published Jul 19, 2021 urijs (npm)
ready-research
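The urijs entry above names a bug class rather than explaining it, so here is an added illustration of that class (not urijs code, and not the payload from CVE-2021-3647): a hand-rolled authority extractor that only recognises "/" as a delimiter disagrees with a WHATWG URL parser, which treats a backslash in a special-scheme URL as a forward slash. An allow-list check built on the naive parser therefore accepts a URL that a browser will send to a different host. The `naiveHost` parser, the host names and the `isTrusted*` helpers are all constructed for this example.

```javascript
// Added example: hostname spoofing via a backslash in the URL authority.
// Constructed code; not from urijs or the advisory.

// Naive parser (constructed): everything between "//" and the next "/" is the
// authority, and the part after the last "@" is the host. A backslash is just
// another character to it.
function naiveHost(urlString) {
  const afterScheme = urlString.slice(urlString.indexOf('//') + 2);
  const slash = afterScheme.indexOf('/');
  const authority = slash === -1 ? afterScheme : afterScheme.slice(0, slash);
  const at = authority.lastIndexOf('@');
  const hostPort = at === -1 ? authority : authority.slice(at + 1);
  return hostPort.split(':')[0].toLowerCase();
}

// WHATWG parser (browsers, Node's URL): for http/https a "\" terminates the
// authority exactly like "/", so the text after it becomes the path.
function whatwgHost(urlString) {
  return new URL(urlString).hostname;
}

// Vulnerable pattern: decide trust with the naive parser, then hand the URL to
// a consumer that parses it the WHATWG way.
function isTrustedNaive(urlString, trustedHosts) {
  return trustedHosts.includes(naiveHost(urlString));
}

// Hardened check: refuse input the two parser families disagree on, and use the
// same parser the consumer will use for the decision.
function isTrustedHardened(urlString, trustedHosts) {
  if (urlString.includes('\\')) return false;
  let parsed;
  try {
    parsed = new URL(urlString);
  } catch {
    return false;
  }
  return trustedHosts.includes(parsed.hostname);
}

// Constructed input: the naive parser sees "trusted.example", a browser sees
// "evil.example" with path "/@trusted.example/login".
const PAYLOAD = 'https://evil.example\\@trusted.example/login';
const TRUSTED = ['trusted.example'];

function demo() {
  return {
    naive: naiveHost(PAYLOAD),
    whatwg: whatwgHost(PAYLOAD),
    acceptedByNaiveCheck: isTrustedNaive(PAYLOAD, TRUSTED),
    acceptedByHardenedCheck: isTrustedHardened(PAYLOAD, TRUSTED),
  };
}

console.log(demo());
```

The practical rule the example shows: never validate a URL with one parser and then let a differently behaving parser act on it. Parse once with the consumer's parser, or reject characters (backslash, whitespace, control bytes) whose handling differs between parser families.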
Encoded URIs can access WEB-INF
CVE-2021-34429 (Moderate severity) was published Jul 19, 2021 org.eclipse.jetty:jetty-webapp (Maven)
cangqingzhe lachlan-roberts
Basic-auth app bundle credential exposure in gatsby-source-wordpress
CVE-2021-32770 (High severity) was published Jul 19, 2021 gatsby-source-wordpress (npm)
chroot isolation: environment value leakage to intermediate processes
CVE-2021-3602 (Moderate severity) was published Jul 19, 2021 github.com/containers/buildah (Go)
bburky
Incorrect Regular Expression in RestSharp
CVE-2021-27293 (High severity) was published Jul 14, 2021 RestSharp (NuGet)
Allocation of resources without limits or throttling in keycloak-model-infinispan
CVE-2021-3637 (High severity) was published Jul 13, 2021 org.keycloak:keycloak-model-infinispan (Maven)
SQL injection in pimcore/pimcore
CVE-2021-23405 (High severity) was published Jul 13, 2021 pimcore/pimcore (Composer)
Files or Directories Accessible to External Parties in ether/logs
CVE-2021-32752 (High severity) was published Jul 12, 2021 ether/logs (Composer)
Regular Expression Denial of Service in Addressable templates
CVE-2021-32740 (High severity) was published Jul 12, 2021 addressable (RubyGems)
Utils.readChallengeTx does not verify the server account signature
CVE-2021-32738 (Moderate severity) was published Jul 2, 2021 stellar-sdk (npm)
leighmcculloch
XSS Injection in Media Collection Title was possible
CVE-2021-32737 (Moderate severity) was published Jul 2, 2021 sulu/sulu (Composer)
A user without PR can reset user authentication failures information
CVE-2021-32729 (Low severity) was published Jul 2, 2021 org.xwiki.platform:xwiki-platform-security-authentication-script (Maven)
No CSRF protection on the password change form
CVE-2021-32730 (Moderate severity) was published Jul 2, 2021 org.xwiki.platform:xwiki-platform-administration-ui (Maven)
The reset password form reveals users' email addresses
CVE-2021-32731 (Moderate severity) was published Jul 2, 2021 org.xwiki.platform:xwiki-platform-web (Maven)
Cross-site scripting (XSS) from field and configuration text displayed in the Panel
CVE-2021-32735 (High severity) was published Jul 2, 2021 getkirby/cms (Composer)
hdodov
XML Entity Expansion
CVE-2021-25951 (High severity) was published Jul 2, 2021 XML2Dict (pip)
Remote code injection
CVE-2021-27903 (Critical severity) was published Jul 2, 2021 craftcms/cms (Composer)
Cross-site Scripting
CVE-2021-27902 (Moderate severity) was published Jul 2, 2021 craftcms/cms (Composer)
Improper Restriction of XML External Entity Reference
CVE-2021-21672 (Moderate severity) was published Jul 2, 2021 org.jenkins-ci.plugins:seleniumhtmlreport (Maven)
Cached redirect poisoning via X-Forwarded-Host header
CVE-2021-29479 (High severity) was published Jul 1, 2021 io.ratpack:ratpack-core (Maven)
JLLeitschuh
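The Ratpack entry above names another bug class without describing it. The following added example (constructed; not Ratpack code and not the advisory's actual payload) shows the general shape: a handler builds an absolute redirect `Location` from the client-controlled `X-Forwarded-Host` header, and a shared cache in front of it keys responses on the path alone. One forged request poisons the cached redirect for every later visitor of that path. The request objects, the `makeCache` helper and the host names are all constructed for this example.

```javascript
// Added example: cached redirect poisoning via X-Forwarded-Host.
// Constructed code; not from Ratpack or the advisory.

// Vulnerable: the redirect target's host comes from a request header the client
// controls. Behind a reverse proxy X-Forwarded-Host is often trusted blindly.
function redirectLocationVulnerable(req) {
  const host = req.headers['x-forwarded-host'] || req.headers['host'];
  return `https://${host}${req.path}/`;
}

// Hardened: the host comes from server configuration. If forwarded headers must
// be honoured, accept them only from the proxy and only against an allow-list.
function redirectLocationHardened(req, canonicalHost) {
  return `https://${canonicalHost}${req.path}/`;
}

// Minimal shared cache keyed on path only (constructed). A real cache that keys
// on host + path, or that sees "Vary: Host", would not be poisoned this way.
function makeCache() {
  const store = new Map();
  return {
    get: (key) => store.get(key),
    set: (key, value) => store.set(key, value),
  };
}

// Serve a 301 for the path, caching the first response seen for that key.
function serve(req, cache, buildLocation) {
  const hit = cache.get(req.path);
  if (hit) return hit;
  const response = { status: 301, location: buildLocation(req) };
  cache.set(req.path, response);
  return response;
}

// Attacker primes the cache, then an unrelated victim requests the same path.
// Returns the Location the victim is sent to.
function scenario(buildLocation) {
  const cache = makeCache();
  const attacker = {
    path: '/docs',
    headers: { host: 'app.example', 'x-forwarded-host': 'evil.example' },
  };
  const victim = { path: '/docs', headers: { host: 'app.example' } };
  serve(attacker, cache, buildLocation);
  return serve(victim, cache, buildLocation).location;
}

const CANONICAL_HOST = 'app.example';

function demo() {
  return {
    vulnerable: scenario(redirectLocationVulnerable),
    hardened: scenario((req) => redirectLocationHardened(req, CANONICAL_HOST)),
  };
}

console.log(demo());
```

Two defences compose here: never derive absolute URLs from client-supplied host headers, and make sure any cache in front includes the effective host in its key (or the response carries `Vary: Host`), so a single poisoned response cannot be served to everyone.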
Default client side session signing key is highly predictable
CVE-2021-29480 (Moderate severity) was published Jul 1, 2021 io.ratpack:ratpack-session (Maven)
JLLeitschuh
Unencrypted storage of client side sessions
CVE-2021-29481 (Moderate severity) was published Jul 1, 2021 io.ratpack:ratpack-session (Maven)
JLLeitschuh
Advisories are also available from the GraphQL API.