The Wayback Machine - https://web.archive.org/web/20201220132651/https://github.com/advisories
GitHub Advisory Database

3,030 advisories

Cross-site Scripting in dompurify
CVE-2020-26870 (Moderate severity) was published Dec 18, 2020 dompurify (npm)
Path Traversal in MPXJ
CVE-2020-35460 (Moderate severity) was published Dec 18, 2020 net.sf.mpxj:mpxj (Maven)
Code Injection in mquery
CVE-2020-35149 (Moderate severity) was published Dec 18, 2020 mquery (npm)
Command Injection in corenlp-js-interface
CVE-2020-28440 (Critical severity) was published Dec 18, 2020 corenlp-js-interface (npm)
SSRF vulnerability in Apache Airflow
CVE-2020-17513 (Moderate severity) was published Dec 17, 2020 apache-airflow (pip)
Plain text storage of passwords in Apache Airflow
CVE-2020-17511 (Moderate severity) was published Dec 17, 2020 apache-airflow (pip)
Command injection in connection-tester
CVE-2020-7781 (Critical severity) was published Dec 17, 2020 connection-tester (npm)
Prototype pollution in datatables.net
CVE-2020-28458 (High severity) was published Dec 17, 2020 datatables.net (npm)
Command Injection Vulnerability in systeminformation
CVE-2020-26274 (Moderate severity) was published Dec 16, 2020 systeminformation (npm)
Denial of Service in ecstatic
CVE-2019-10775 (Moderate severity) was published Dec 15, 2020 ecstatic (npm)
Denial of Service in i18n
CVE-2020-7791 (Moderate severity) was published Dec 14, 2020 i18n (NuGet)
Cross-Site Scripting in Grav
GHSA-cvmr-6428-87w9 (Moderate severity) was published Dec 10, 2020 getgrav/grav (Composer)
Heap out of bounds access in MakeEdge in TensorFlow
CVE-2020-26271 (Low severity) was published Dec 10, 2020 tensorflow (pip)
CHECK-fail in LSTM with zero-length input in TensorFlow
CVE-2020-26270 (Low severity) was published Dec 10, 2020 tensorflow (pip)
Write to immutable memory region in TensorFlow
CVE-2020-26268 (Low severity) was published Dec 10, 2020 tensorflow (pip)
Lack of validation in data format attributes in TensorFlow
CVE-2020-26267 (Low severity) was published Dec 10, 2020 tensorflow (pip)
Uninitialized memory access in TensorFlow
CVE-2020-26266 (Low severity) was published Dec 10, 2020 tensorflow (pip)
Prototype Pollution
CVE-2020-7788 (Low severity) was published Dec 10, 2020 ini (npm)
Information Disclosure in Apache Groovy
CVE-2020-17521 (Moderate severity) was published Dec 9, 2020 org.codehaus.groovy:groovy (Maven)
Denial of service attack via incorrect parameters in Matrix Synapse
CVE-2020-26257 (Low severity) was published Dec 9, 2020 matrix-synapse (pip)
user-readable api tokens in systemd units for JupyterHub
CVE-2020-26261 (High severity) was published Dec 9, 2020 jupyterhub-systemdspawner (pip)
Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability
CVE-2020-26249 (High severity) was published Dec 8, 2020 red-dashboard (pip)
Disabled Hostname Verification in OpenCast
CVE-2020-26234 (High severity) was published Dec 8, 2020 org.opencastproject:opencast-kernel (Maven)
Denial of service in fast-csv
CVE-2020-26256 (Low severity) was published Dec 8, 2020 @fast-csv/parse (npm)
PHP Phar archives could be uploaded by Panel users as content files and executed in Kirby
CVE-2020-26255 (Low severity) was published Dec 8, 2020 getkirby/cms (Composer)
ProTip! Advisories are also available from the GraphQL API.