The Wayback Machine - https://web.archive.org/web/20200817105653/https://github.com/advisories
Skip to content

GitHub Advisory Database

2,088 advisories

Server-Side Request Forgery in @uppy/companion
CVE-2020-8205 (Moderate severity) was published Aug 13, 2020 @uppy/companion (npm)
Cross-Site Scripting in @progress/kendo-angular-editor
GHSA-j7wp-vjj6-cp5m (High severity) was published Aug 11, 2020 @progress/kendo-angular-editor (npm)
CSS Injection in Chartkick gem
CVE-2020-16254 (Moderate severity) was published Aug 12, 2020 chartkick (RubyGems)
Insecure serialization leading to RCE in serialize-javascript
CVE-2020-7660 (High severity) was published Aug 11, 2020 serialize-javascript (npm)
Cross-site scripting vulnerability in TinyMCE
GHSA-vrv8-v4w8-f95h (Moderate severity) was published Aug 11, 2020 tinymce (npm)
CSRF tokens leaked in URL by canned query form
GHSA-q6j3-c4wc-63vw (Low severity) was published Aug 11, 2020 datasette (pip)
Unintended read access in kramdown gem
CVE-2020-14001 (High severity) was published Aug 7, 2020 kramdown (RubyGems)
XSS vulnerability in the Previewers plugin
CVE-2020-15138 (High severity) was published Aug 7, 2020 prismjs (npm)
XSS via JQLite DOM manipulation functions in AngularJS
GHSA-5cp4-xmrw-59wf (Moderate severity) was published Aug 5, 2020 angular (npm)
CSRF Vulnerability
GHSA-whrh-9j4q-g7ph (Moderate severity) was published Aug 5, 2020 polaris-website (npm)
Reset Password / Login vulnerability
CVE-2020-15132 (Moderate severity) was published Aug 5, 2020 sulu/sulu (Composer)
CSRF on PgHero gem
CVE-2020-16253 (Moderate severity) was published Aug 5, 2020 pghero (RubyGems)
CSRF in Field Test
CVE-2020-16252 (Moderate severity) was published Aug 5, 2020 field_test (RubyGems)
[CVE-2020-15109] Ability to change order address without triggering address validations
CVE-2020-15109 (Moderate severity) was published Aug 4, 2020 solidus_api (RubyGems)
CSRF vulnerability
CVE-2020-15135 (Moderate severity) was published Aug 4, 2020 save-server (npm)
Denial of service in fastify
CVE-2020-8192 (Moderate severity) was published Aug 5, 2020 fastify (npm)
Prototype Pollution in express-fileupload
CVE-2020-7699 (High severity) was published Aug 5, 2020 express-fileupload (npm)
Code execution in Spring Integration
CVE-2020-5413 (High severity) was published Aug 5, 2020 org.springframework.integration:spring-integration-core (Maven)
Operation on a Resource after Expiration or Release in Jetty Server
CVE-2019-17638 (High severity) was published Aug 5, 2020 org.eclipse.jetty:jetty-server (Maven)
Encrypted cookie values are not tied to the cookie name
CVE-2020-15128 (Moderate severity) was published Aug 5, 2020 october/rain (Composer)
Missing TLS certificate verification
CVE-2020-15133 (High severity) was published Jul 31, 2020 faye-websocket (RubyGems)
Missing TLS certificate verification
CVE-2020-15134 (High severity) was published Jul 31, 2020 faye (RubyGems)
Potential XSS vulnerability in Kitodo.Presentation
CVE-2020-16095 (Moderate severity) was published Jul 31, 2020 kitodo/presentation (Composer)
False-positive validity for NFT1 genesis transactions
CVE-2020-15131 (Critical severity) was published Jul 30, 2020 slp-validate (npm)
False-positive validity for NFT1 genesis transactions
CVE-2020-15130 (Critical severity) was published Jul 30, 2020 slpjs (npm)
ProTip! Advisories are also available from the GraphQL API.
You can’t perform that action at this time.