The Wayback Machine - https://web.archive.org/web/20200820123239/https://github.com/advisories

GitHub Advisory Database

2,095 advisories

DOM-based XSS in Lock
CVE-2020-15119 (Low severity) was published Aug 19, 2020 auth0-lock (npm)
Remote Code Execution in ParametersParser while using request parameters inside expression language
CVE-2020-15143 (High severity) was published Aug 19, 2020 sylius/resource-bundle (Composer)
Remote Code Execution in OptionsParser while using request parameters inside expression language
CVE-2020-15146 (Critical severity) was published Aug 19, 2020 sylius/resource-bundle (Composer)
Observable Timing Discrepancy
CVE-2020-15151 (High severity) was published Aug 19, 2020 openmage/magento-lts (Composer)
CSRF in Play Framework
CVE-2020-12480 (Low severity) was published Aug 18, 2020 com.typesafe.play:play_2.12 (Maven)
Server-Side Request Forgery
CVE-2020-15152 (Critical severity) was published Aug 17, 2020 ftp-srv (npm)
Data Injection Vulnerability in moped Rubygem
CVE-2015-4410 (Moderate severity) was published Aug 19, 2020 moped (RubyGems)
Server-Side Request Forgery in @uppy/companion
CVE-2020-8205 (Moderate severity) was published Aug 13, 2020 @uppy/companion (npm)
Cross-Site Scripting in @progress/kendo-angular-editor
GHSA-j7wp-vjj6-cp5m (High severity) was published Aug 11, 2020 @progress/kendo-angular-editor (npm)
CSS Injection in Chartkick gem
CVE-2020-16254 (Moderate severity) was published Aug 12, 2020 chartkick (RubyGems)
Insecure serialization leading to RCE in serialize-javascript
CVE-2020-7660 (High severity) was published Aug 11, 2020 serialize-javascript (npm)
Cross-site scripting vulnerability in TinyMCE
GHSA-vrv8-v4w8-f95h (Moderate severity) was published Aug 11, 2020 tinymce (npm)
CSRF tokens leaked in URL by canned query form
GHSA-q6j3-c4wc-63vw (Low severity) was published Aug 11, 2020 datasette (pip)
Unintended read access in kramdown gem
CVE-2020-14001 (High severity) was published Aug 7, 2020 kramdown (RubyGems)
XSS vulnerability in the Previewers plugin
CVE-2020-15138 (High severity) was published Aug 7, 2020 prismjs (npm)
XSS via JQLite DOM manipulation functions in AngularJS
GHSA-5cp4-xmrw-59wf (Moderate severity) was published Aug 5, 2020 angular (npm)
CSRF Vulnerability
GHSA-whrh-9j4q-g7ph (Moderate severity) was published Aug 5, 2020 polaris-website (npm)
Reset Password / Login vulnerability
CVE-2020-15132 (Moderate severity) was published Aug 5, 2020 sulu/sulu (Composer)
CSRF on PgHero gem
CVE-2020-16253 (Moderate severity) was published Aug 5, 2020 pghero (RubyGems)
CSRF in Field Test
CVE-2020-16252 (Moderate severity) was published Aug 5, 2020 field_test (RubyGems)
[CVE-2020-15109] Ability to change order address without triggering address validations
CVE-2020-15109 (Moderate severity) was published Aug 4, 2020 solidus_api (RubyGems)
CSRF vulnerability
CVE-2020-15135 (Moderate severity) was published Aug 4, 2020 save-server (npm)
Denial of service in fastify
CVE-2020-8192 (Moderate severity) was published Aug 5, 2020 fastify (npm)
Prototype Pollution in express-fileupload
CVE-2020-7699 (High severity) was published Aug 5, 2020 express-fileupload (npm)
Code execution in Spring Integration
CVE-2020-5413 (High severity) was published Aug 5, 2020 org.springframework.integration:spring-integration-core (Maven)