The Wayback Machine - https://web.archive.org/web/20210329035801/https://github.com/advisories

GitHub Advisory Database

3,347 advisories

HTML injection in email and account expiry notifications
CVE-2021-21333 (Low severity) was published Mar 26, 2021 matrix-synapse (pip)
Cross-site scripting (XSS) vulnerability in the password reset endpoint
CVE-2021-21332 (Low severity) was published Mar 26, 2021 matrix-synapse (pip)
Weak JSON Web Token in yapi-vendor
CVE-2021-27884 (Moderate severity) was published Mar 26, 2021 yapi-vendor (npm)
Improper Input Validation in PyYAML
CVE-2020-14343 (Moderate severity) was published Mar 25, 2021 PyYAML (pip)
Command injection in fs-path
CVE-2020-8298 (Critical severity) was published Mar 25, 2021 fs-path (npm)
Information Disclosure in Guava
CVE-2020-8908 (Moderate severity) was published Mar 25, 2021 com.google.guava:guava (Maven)
Access Restriction Bypass
CVE-2020-13757 (High severity) was published Mar 24, 2021 rsa (pip)
Path Traversal within joomla/archive zip class
CVE-2021-26028 (Moderate severity) was published Mar 24, 2021 joomla/archive (Composer)
XSS in CreateQueuedJobTask
CVE-2021-27938 (Moderate severity) was published Mar 24, 2021 symbiote/silverstripe-queuedjobs (Composer)
Rating Script Service expose XWiki to SQL injection
CVE-2021-21380 (High severity) was published Mar 23, 2021 org.xwiki.platform:xwiki-platform-ratings-api (Maven)
It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro
CVE-2021-21379 (Low severity) was published Mar 23, 2021 org.xwiki.platform:xwiki-platform-rendering-wikimacro-store (Maven)
OMERO webclient does not validate URL redirects on login or switching group.
CVE-2021-21377 (Low severity) was published Mar 23, 2021 omero-web (pip)
OMERO.web exposes some unnecessary session information in the page
CVE-2021-21376 (Low severity) was published Mar 23, 2021 omero-web (pip)
Cross-Site Scripting in Content Preview (CType menu)
CVE-2021-21370 (Low severity) was published Mar 23, 2021 typo3/cms-backend (Composer)
Denial of Service in Page Error Handling
CVE-2021-21359 (Moderate severity) was published Mar 23, 2021 typo3/cms-core (Composer)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
CVE-2021-21358 (Moderate severity) was published Mar 23, 2021 typo3/cms-form (Composer)
Broken Access Control in Form Framework
CVE-2021-21357 (High severity) was published Mar 23, 2021 typo3/cms-form (Composer)
Unrestricted File Upload in Form Framework
CVE-2021-21355 (High severity) was published Mar 23, 2021 typo3/cms-form (Composer)
Cross-Site Scripting in Content Preview
CVE-2021-21340 (Low severity) was published Mar 23, 2021 typo3/cms-backend (Composer)
Cleartext storage of session identifier
CVE-2021-21339 (Low severity) was published Mar 23, 2021 typo3/cms-core (Composer)
Open Redirection in Login Handling
CVE-2021-21338 (Low severity) was published Mar 23, 2021 typo3/cms-core (Composer)
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21351 (Low severity) was published Mar 22, 2021 com.thoughtworks.xstream:xstream (Maven)
XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-21350 (Low severity) was published Mar 22, 2021 com.thoughtworks.xstream:xstream (Maven)
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
CVE-2021-21348 (Low severity) was published Mar 22, 2021 com.thoughtworks.xstream:xstream (Maven)
ProTip! Advisories are also available from the GraphQL API