The Wayback Machine - https://web.archive.org/web/20210312235510/https://github.com/advisories

GitHub Advisory Database

3,200 advisories

Vulnerability allowing for reading internal HTTP resources
GHSA-hfwx-c7q6-g54c (High severity) was published Mar 12, 2021 highcharts-export-server (npm)
Authenticated remote code execution
GHSA-pjj4-jjgc-h3r8 (Moderate severity) was published Mar 12, 2021 shopware/platform (Composer)
Potential Session Hijacking
GHSA-h9q8-5gv2-v6mg (Low severity) was published Mar 12, 2021 shopware/platform (Composer)
Regular Expression Denial of Service (ReDoS)
CVE-2021-23353 (Moderate severity) was published Mar 12, 2021 jspdf (npm)
Improper Neutralization of Special Elements used in a Command
CVE-2021-23352 (High severity) was published Mar 12, 2021 madge (npm)
Cross-site scripting (XSS)
CVE-2020-13959 (Moderate severity) was published Mar 12, 2021 org.apache.velocity.tools:velocity-tools-parent (Maven)
Cross-site scripting (XSS)
CVE-2020-17551 (Moderate severity) was published Mar 12, 2021 impresscms/impresscms (Composer)
Cross-site scripting (XSS)
CVE-2021-28088 (Moderate severity) was published Mar 12, 2021 impresscms/impresscms (Composer)
Uncontrolled Resource Consumption
CVE-2020-13949 (High severity) was published Mar 12, 2021 org.apache.thrift:libthrift (Maven)
Missing authentication for critical function
CVE-2021-20262 (Moderate severity) was published Mar 12, 2021 org.keycloak:keycloak-core (Maven)
Code injection in nobelprizeparser
GHSA-4wv4-mgfq-598v (Critical severity) was published Mar 12, 2021 nobelprizeparser (npm)
Prototype poisoning
CVE-2021-21368 (Moderate severity) was published Mar 12, 2021 msgpack5 (npm)
Misinterpretation of malicious XML input
CVE-2021-21366 (Low severity) was published Mar 12, 2021 xmldom (npm)
Cross-site scripting
CVE-2021-3377 (Moderate severity) was published Mar 11, 2021 ansi_up (npm)
Improper Neutralization of Special Elements used in an OS Command.
CVE-2021-24033 (Moderate severity) was published Mar 11, 2021 react-dev-utils (npm)
/user/sessions endpoint allows detecting valid accounts
GHSA-gmrf-99gw-vvwj (High severity) was published Mar 11, 2021 ezsystems/ezpublish-kernel (Composer)
/user/sessions endpoint allows detecting valid accounts
GHSA-7vwg-39h8-8qp8 (High severity) was published Mar 11, 2021 ezsystems/ezplatform-rest (Composer)
Generated Code Contains Local Information Disclosure Vulnerability
CVE-2021-21364 (Low severity) was published Mar 11, 2021 io.swagger:swagger-codegen (Maven)
Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory
CVE-2021-21363 (Low severity) was published Mar 11, 2021 io.swagger:swagger-codegen (Maven)
Execution of untrusted code through config file
CVE-2021-21371 (Moderate severity) was published Mar 10, 2021 tenable-jira-cloud (pip)
Potential Host Header Poisoning on misconfigured servers
CVE-2021-21265 (Low severity) was published Mar 10, 2021 october/backend (Composer)
Verification flaw in Solid identity-token-verifier
GHSA-xmh9-rg6f-j3mr (Moderate severity) was published Mar 12, 2021 @solid/identity-token-verifier (npm)
DOS vulnerability for Quoted Quality CSV headers
CVE-2020-27223 (Moderate severity) was published Mar 10, 2021 org.eclipse.jetty:jetty-server (Maven)
Possible request smuggling in HTTP/2 due missing validation
CVE-2021-21295 (Low severity) was published Mar 9, 2021 io.netty:netty-codec-http2 (Maven)
Activerecord-session_store Timing Attack
CVE-2019-25025 (Moderate severity) was published Mar 9, 2021 activerecord-session_store (RubyGems)