GitHub Advisory Database
3,326 advisories
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21351 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21350 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
CVE-2021-21349 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
CVE-2021-21348 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21347 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21346 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)
XStream is vulnerable to a Remote Command Execution attack
CVE-2021-21345 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21344 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
CVE-2021-21343 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
CVE-2021-21342 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)
XStream can cause a Denial of Service
CVE-2021-21341 (Low severity) was published Mar 22, 2021 • com.thoughtworks.xstream:xstream (Maven)
Cross-Site Scripting in lxml
CVE-2021-28957 (Moderate severity) was published Mar 22, 2021 • lxml (pip)
Out-of-bounds write in libpng
CVE-2018-14550 (High severity) was published Mar 22, 2021 • libpng (NuGet)
Regular Expression Denial-of-Service in npm schema-inspector
CVE-2021-21267 (Low severity) was published Mar 19, 2021 • schema-inspector (npm)
Potential remote code execution in Apache Tomcat
CVE-2021-25329 (Critical severity) was published Mar 19, 2021 • org.apache.tomcat.embed:tomcat-embed-core (Maven)
Cross-site scripting in eZ Platform Kernel
GHSA-mrvj-7q4f-5p42 (High severity) was published Mar 19, 2021 • ezsystems/ezplatform-kernel (Composer)
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
CVE-2021-28363 (High severity) was published Mar 19, 2021 • urllib3 (pip)
Prototype pollution in set-in
CVE-2020-28273 (Critical severity) was published Mar 19, 2021 • set-in (npm)
Command injection in wc-cmd
CVE-2020-28431 (Critical severity) was published Mar 19, 2021 • wc-cmd (npm)
Null characters not escaped
CVE-2021-21384 (High severity) was published Mar 18, 2021 • shescape (npm)
Prototype Pollution Vulnerability in object-collider
CVE-2021-25914 (Critical severity) was published Mar 19, 2021 • object-collider (npm)
Code injection in kill-process-by-name
CVE-2021-23356 (Moderate severity) was published Mar 19, 2021 • kill-process-by-name (npm)
Command Injection in ps-kill
CVE-2021-23355 (Moderate severity) was published Mar 19, 2021 • ps-kill (npm)
Privilege Context Switching Error in Elasticsearch
CVE-2020-7020 (Low severity) was published Mar 18, 2021 • org.elasticsearch:elasticsearch (Maven)
Privilege Escalation Flaw in Elasticsearch
CVE-2020-7014 (Moderate severity) was published Mar 18, 2021 • org.elasticsearch:elasticsearch (Maven)

