The Wayback Machine - https://web.archive.org/web/20200723194159/https://github.com/advisories
Skip to content

GitHub Advisory Database

2,028 advisories

Storing Password in Local Storage
GHSA-wvh7-5p38-2qfc (Moderate severity) was published Jul 23, 2020 parse (npm)
GraphQL: Security breach on Viewer query
CVE-2020-15126 (High severity) was published Jul 22, 2020 parse-server (npm)
HTML injection through form field help text
CVE-2020-15118 (Moderate severity) was published Jul 20, 2020 wagtail (pip)
Command injection in upload method
CVE-2020-15123 (Moderate severity) was published Jul 20, 2020 codecov (npm)
Possible pod name collisions
CVE-2020-15110 (Moderate severity) was published Jul 22, 2020 jupyterhub-kubespawner (pip)
Prototype Pollution in lodash
CVE-2020-8203 (Low severity) was published Jul 15, 2020 lodash (npm)
Broken access control on files
CVE-2019-14273 (Moderate severity) was published Jul 15, 2020 silverstripe/framework (Composer)
GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2020-111
GHSA-7xcx-6wjh-7xp2 (Moderate severity) was published Jul 13, 2020 standard-version (npm)
User passwords are stored in clear text in the Django session
CVE-2020-15105 (High severity) was published Jul 10, 2020 django-two-factor-auth (pip)
Stored XSS vulnerability when rendering data
CVE-2020-15092 (High severity) was published Jul 9, 2020 @knight-lab/timelinejs (npm)
Path Traversal in socket.io-file
GHSA-9h4g-27m8-qjrg (High severity) was published Jul 7, 2020 socket.io-file (npm)
Sensitive information exposure through logs
CVE-2020-15095 (Low severity) was published Jul 7, 2020 npm (npm)
Sensitive information exposure through logs
GHSA-jmqm-f2gx-4fjv (Low severity) was published Jul 7, 2020 npm-registry-fetch (npm)
Denial of service due to reference expansion in versions earlier than 4.0
GHSA-mm44-wc5p-wqhq (High severity) was published Jul 7, 2020 com.upokecenter:cbor (Maven)
Untrusted XML files
GHSA-vjv6-gq77-3mjw (Low severity) was published Jul 7, 2020 org.mapfish.print:print-lib (Maven)
No more used JSONP vulnerabilities
GHSA-w534-q4xf-h5v2 (Low severity) was published Jul 7, 2020 org.mapfish.print:print-lib (Maven)
Potentially sensitive data exposure
GHSA-wwgf-3xp7-cxj4 (Moderate severity) was published Jul 7, 2020 gos/web-socket-bundle (Composer)
CSRF Vulnerability in rails-ujs
CVE-2020-8167 (Moderate severity) was published Jul 7, 2020 actionview (RubyGems)
Potential remote code execution of user-provided local names in ActionView
CVE-2020-8163 (Moderate severity) was published Jul 7, 2020 actionview (RubyGems)
Context isolation bypass via Promise.then bug in V8
CVE-2020-15096 (Low severity) was published Jul 7, 2020 electron (npm)
Context isolation bypass via leaked cross-context objects
CVE-2020-4076 (High severity) was published Jul 7, 2020 electron (npm)
Context isolation bypass via contextBridge
CVE-2020-4077 (High severity) was published Jul 7, 2020 electron (npm)
Arbitrary file read via window-open IPC
CVE-2020-4075 (Moderate severity) was published Jul 7, 2020 electron (npm)
Directory traversal in Rack::Directory app bundled with Rack
CVE-2020-8161 (Moderate severity) was published Jul 6, 2020 rack (RubyGems)
Potential self-XSS when pasting content from malicious websites
CVE-2020-4061 (Low severity) was published Jul 2, 2020 october/october (Composer)
ProTip! Advisories are also available from the GraphQL API.
You can’t perform that action at this time.