Archived copy (Wayback Machine, captured 2 Jul 2020): https://web.archive.org/web/20200702052504/https://github.com/advisories

GitHub Advisory Database

2,003 advisories

XML external entity injection in Terracotta Quartz Scheduler
CVE-2019-13990 (Moderate severity), published Jul 1, 2020; org.quartz-scheduler:quartz (Maven)
Directory traversal in Apache RocketMQ
CVE-2019-17572 (Moderate severity), published Jul 1, 2020; org.apache.rocketmq:rocketmq-broker (Maven)
Privilege escalation in mysql-connector-java
CVE-2019-2692 (Moderate severity), published Jul 1, 2020; mysql:mysql-connector-java (Maven)
XML External Entity Injection in XStream
CVE-2016-3674 (High severity), published Jun 30, 2020; com.thoughtworks.xstream:xstream (Maven)
Denial of service in XStream
CVE-2017-7957 (High severity), published Jun 30, 2020; com.thoughtworks.xstream:xstream (Maven)
Information Exposure in Netty
CVE-2015-2156 (High severity), published Jun 30, 2020; io.netty:netty-handler (Maven)
Denial of service in Netty
CVE-2014-3488 (Moderate severity), published Jun 30, 2020; io.netty:netty-handler (Maven)
Deserialization of Untrusted Data in jackson-databind
CVE-2018-5968 (High severity), published Jun 30, 2020; com.fasterxml.jackson.core:jackson-databind (Maven)
Privilege escalation for internal APIs in Presto
CVE-2020-15087 (High severity), published Jun 30, 2020; io.prestosql:presto-server (Maven)
Authentication bypass in express-jwt
CVE-2020-15084 (High severity), published Jun 30, 2020; express-jwt (npm)
2020.03.31 ECDSA signature vulnerability: Minerva timing attack
GHSA-g753-jx37-7xwh (Moderate severity), published Jun 30, 2020; jsrsasign (npm)
2020.06.22 CVE-2020-14966 ECDSA signature validation vulnerability: wrong ASN.1 encoding accepted
CVE-2020-14966 (Moderate severity), published Jun 26, 2020; jsrsasign (npm)
CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2019-16303 (Critical severity), published Jun 26, 2020; generator-jhipster-kotlin (npm)
2020.06.22 CVE-2020-14967 RSA RSAES-PKCS1-v1_5 and RSA-OAEP decryption vulnerability with prepended zeros
CVE-2020-14967 (Low severity), published Jun 26, 2020; jsrsasign (npm)
2020.06.22 CVE-2020-14968 RSA-PSS signature validation vulnerability with prepended zeros
CVE-2020-14968 (Low severity), published Jun 26, 2020; jsrsasign (npm)
Log Forging Vulnerability
CVE-2020-4072 (Moderate severity), published Jun 25, 2020; generator-jhipster-kotlin (npm)
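The entry above names only the vulnerability class. As an added illustration of that class (example code written for this page, not the generator's code or the advisory's text), the block below shows why unescaped input is dangerous in a log: a username carrying a line break splits one logged event into two physical lines, and the second line is indistinguishable from a genuine record. The sample username and the log format are constructed for the example.

```ruby
require "logger"
require "stringio"

# Constructed attacker-supplied username: a line feed followed by text that
# mimics a successful login for a different account.
FORGED_USER = "alice\n2020-06-25 10:00:00 INFO login succeeded for user=admin".freeze

# Minimal logger writing "SEVERITY message" lines into an in-memory buffer.
def new_logger(io)
  logger = Logger.new(io)
  logger.formatter = proc { |sev, _time, _prog, msg| "#{sev} #{msg}\n" }
  logger
end

# Vulnerable: untrusted input is interpolated into the log line unchanged.
def log_login_unsafe(user)
  io = StringIO.new
  new_logger(io).info("login failed for user=#{user}")
  io.string
end

# Fix: escape every control character (CR, LF, tab, NUL, ...) before the
# value reaches the log, so one event can never span more than one line.
def sanitize_for_log(str)
  str.gsub(/[\x00-\x1F\x7F]/) { |c| format("\\x%02X", c.ord) }
end

def log_login_safe(user)
  io = StringIO.new
  new_logger(io).info("login failed for user=#{sanitize_for_log(user)}")
  io.string
end

# Number of physical lines produced; a single event must yield exactly one.
def line_count(text)
  text.lines.count
end

if __FILE__ == $0
  puts log_login_unsafe(FORGED_USER)   # two lines, the second one forged
  puts log_login_safe(FORGED_USER)     # one line, the LF shown as \x0A
end
```

Escaping rather than stripping keeps the evidence of the attempt in the record, which is what an analyst reviewing the log wants to see.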
Untrusted users can run pending migrations in production in Rails
CVE-2020-8185 (Low severity), published Jun 24, 2020; actionpack (RubyGems)
Percent-encoded cookies can be used to overwrite existing prefixed cookie names
CVE-2020-8184 (High severity), published Jun 24, 2020; rack (RubyGems)
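Browsers enforce the `__Host-` and `__Secure-` cookie-prefix rules on the literal cookie name only, so a cookie named `__%48ost-session` is stored and sent back unchanged. If the server then percent-decodes cookie names, that cookie collides with the real `__Host-session`. The block below is an added illustration of that collision (example code written for this page, not rack's own parser or the advisory's text); the Cookie header is constructed for the example, and the attacker's cookie is placed last because a cookie created later is normally sent after an older one of the same path.

```ruby
# Decode %XX escapes only (unlike CGI.unescape, '+' is left alone).
def pct_decode(str)
  str.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

# Lenient parser: percent-decodes the cookie NAME and lets a later cookie
# overwrite an earlier one. This is the flaw class named in the entry above.
def parse_cookies_lenient(header)
  header.split(/;\s*/).each_with_object({}) do |pair, cookies|
    next if pair.empty?
    name, value = pair.split("=", 2)
    cookies[pct_decode(name.strip)] = pct_decode(value.to_s)
  end
end

# Hardened parser: the name is never decoded, so "__%48ost-session" stays a
# distinct key, and the first occurrence of a name wins.
def parse_cookies_strict(header)
  header.split(/;\s*/).each_with_object({}) do |pair, cookies|
    next if pair.empty?
    name, value = pair.split("=", 2)
    name = name.strip
    next if cookies.key?(name)
    cookies[name] = pct_decode(value.to_s)
  end
end

# Constructed Cookie header: the legitimate host-prefixed session cookie
# followed by an attacker-set cookie whose encoded name decodes to the same.
COOKIE_HEADER = "__Host-session=legit; __%48ost-session=attacker".freeze

if __FILE__ == $0
  puts "lenient: #{parse_cookies_lenient(COOKIE_HEADER)['__Host-session']}" # attacker
  puts "strict:  #{parse_cookies_strict(COOKIE_HEADER)['__Host-session']}"  # legit
end
```

The check a practitioner wants after upgrading is the second line: with the hardened behaviour, a lookup of `__Host-session` must return the value the browser's prefix protection guaranteed, regardless of what other cookies the request carries.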
Potential timing attack on apps using basic authentication
CVE-2020-4071 (Low severity), published Jun 23, 2020; django-basic-auth-ip-whitelist (pip)
Directory traversal outside of SENDFILE_ROOT
GHSA-6r3c-8xf3-ggrr (Moderate severity), published Jun 24, 2020; django-sendfile2 (pip)
Regular expression denial of service in url-regex
CVE-2020-7661 (Moderate severity), published Jun 22, 2020; url-regex (npm)
Cross site scripting in Angular
CVE-2020-7676 (Low severity), published Jun 18, 2020; angular (npm)
Deserialization of untrusted data in Jackson Databind
CVE-2020-14061 (High severity), published Jun 18, 2020; com.fasterxml.jackson.core:jackson-databind (Maven)
Deserialization of untrusted data in Jackson Databind
CVE-2020-14062 (High severity), published Jun 18, 2020; com.fasterxml.jackson.core:jackson-databind (Maven)
Deserialization of untrusted data in Jackson Databind
CVE-2020-14060 (High severity), published Jun 18, 2020; com.fasterxml.jackson.core:jackson-databind (Maven)