GitHub Advisory Database
3,162 advisories
Open Redirect
CVE-2021-22881 (Moderate severity) was published Mar 2, 2021 • actionpack (RubyGems)

Regular Expression Denial-of-Service
CVE-2021-22880 (High severity) was published Mar 2, 2021 • activerecord (RubyGems)

Sandbox escape through template_object
CVE-2021-26119 (High severity) was published Mar 2, 2021 • smarty/smarty (Composer)

Denial of service attack via .well-known lookups
CVE-2021-21274 (Low severity) was published Mar 1, 2021 • matrix-synapse (pip)

Hostname spoofing via backslashes in URL
CVE-2021-27516 (Moderate severity) was published Mar 1, 2021 • urijs (npm)

PHP Code Injection by malicious function name
CVE-2021-26120 (High severity) was published Feb 26, 2021 • smarty/smarty (Composer)

Regular expression Denial of Service in @progfay/scrapbox-parser
CVE-2021-27405 (Moderate severity) was published Mar 1, 2021 • @progfay/scrapbox-parser (npm)

Open redirects on some federation and push requests
CVE-2021-21273 (Low severity) was published Feb 26, 2021 • matrix-synapse (pip)

Path traversal in Node-Red
CVE-2021-21298 (Low severity) was published Feb 26, 2021 • @node-red/runtime (npm)

Prototype Pollution in Node-Red
CVE-2021-21297 (High severity) was published Feb 26, 2021 • @node-red/runtime (npm)

Open redirect vulnerability in `aiohttp` (`normalize_path_middleware` middleware)
CVE-2021-21330 (Low severity) was published Feb 26, 2021 • aiohttp (pip)

Denial of service in three
CVE-2020-28496 (High severity) was published Mar 1, 2021 • three (npm)

Path traversal in pimcore/pimcore
CVE-2021-23340 (High severity) was published Feb 25, 2021 • pimcore/pimcore (Composer)

Denial of service in prismjs
CVE-2021-23341 (High severity) was published Mar 1, 2021 • prismjs (npm)

XSS in docsify
CVE-2021-23342 (High severity) was published Mar 1, 2021 • docsify (npm)

XSS in NanoHTTPD
CVE-2020-13697 (Moderate severity) was published Feb 25, 2021 • org.nanohttpd:nanohttpd (Maven)

SSRF in Rendertron
CVE-2020-8902 (Moderate severity) was published Mar 1, 2021 • rendertron (npm)

XML External Entity (XXE) Injection in Jackson Databind
CVE-2020-25649 (High severity) was published Feb 18, 2021 • com.fasterxml.jackson.core:jackson-databind (Maven)

Path traversal in bolt/core
CVE-2021-27367 (High severity) was published Feb 18, 2021 • bolt/core (Composer)

Dynamic modification of RPyC service due to missing security check
CVE-2019-16328 (High severity) was published Feb 17, 2021 • rpyc (pip)

Command Injection Vulnerability
CVE-2021-21315 (Moderate severity) was published Feb 16, 2021 • systeminformation (npm)

Token verification bug in next-auth
CVE-2021-21310 (Low severity) was published Feb 11, 2021 • next-auth (npm)

SSRF by connecting to privileged ports
CVE-2018-7667 (Moderate severity) was published Feb 11, 2021 • vrana/adminer (Composer)

SSRF in adminer
CVE-2021-21311 (Low severity) was published Feb 11, 2021 • vrana/adminer (Composer)

XSS via the history parameter in SQL command
CVE-2020-35572 (High severity) was published Feb 11, 2021 • vrana/adminer (Composer)

