The Wayback Machine - https://web.archive.org/web/20210416023453/https://github.com/advisories

GitHub Advisory Database

3,521 advisories

Cross-Site Request Forgery (CSRF) in trestle-auth
CVE-2021-29435 (High severity) was published Apr 13, 2021 trestle-auth (RubyGems)
Improper parsing of octal bytes
CVE-2021-28918 (Critical severity) was published Apr 14, 2021 netmask (npm)
After order payment process manipulation in shopware/platform and shopware/core
GHSA-88rc-3p98-rgvx (Critical severity) was published Apr 13, 2021 shopware/core (Composer)
Exposure of .env if project root is configured as web root in shopware/production
GHSA-3pcr-4982-548m (Moderate severity) was published Apr 13, 2021 shopware/production (Composer)
Leak of information via Store-API aggregations in shopware/platform and shopware/core
GHSA-qg7c-q3vq-rgxr (Critical severity) was published Apr 13, 2021 shopware/core (Composer)
Out-of-bounds Write in Chakra
CVE-2020-17131 (High severity) was published Apr 13, 2021 Microsoft.ChakraCore (NuGet)
Open redirect via transitional IPv6 addresses on dual-stack networks
CVE-2021-21392 (Moderate severity) was published Apr 13, 2021 matrix-synapse (pip)
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
CVE-2021-21394 (Moderate severity) was published Apr 13, 2021 matrix-synapse (pip)
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
CVE-2021-21393 (Moderate severity) was published Apr 13, 2021 matrix-synapse (pip)
User (Encrypted) Password Field Being Serialised
GHSA-7fjp-g4m7-fx23 (Low severity) was published Apr 13, 2021 pwweb/laravel-core (Composer)
Potential API key leak
GHSA-63rq-p8fp-524q (Moderate severity) was published Apr 13, 2021 sopel-modules.weather (pip)
Prototype Pollution in set-or-get
CVE-2021-25913 (Critical severity) was published Apr 12, 2021 set-or-get (npm)
Exposure of Resource to Wrong Sphere in valib
CVE-2019-10805 (Moderate severity) was published Apr 13, 2021 valib (npm)
Incorrect permission enforcement in UmbracoCms
CVE-2020-29454 (Moderate severity) was published Apr 13, 2021 UmbracoCms (NuGet)
OS Command Injection in giting
CVE-2019-10802 (High severity) was published Apr 13, 2021 seria-number (npm)
OS Command Injection in serial-number
CVE-2019-10804 (High severity) was published Apr 13, 2021 serial-number (npm)
Improper Authentication in react-adal
CVE-2020-7787 (High severity) was published Apr 13, 2021 react-adal (npm)
Improper Input Validation in sopel-plugins.channelmgnt
CVE-2021-21431 (High severity) was published Apr 9, 2021 sopel-plugins.channelmgnt (pip)
OS Command Injection in enpeem
CVE-2019-10801 (High severity) was published Apr 13, 2021 enpeem (npm)
Command injection in corenlp-js-prefab
CVE-2020-28439 (Critical severity) was published Apr 13, 2021 corenlp-js-prefab (npm)
OS Command Injection
CVE-2019-10799 (High severity) was published Apr 13, 2021 compile-sass (npm)
Uncontrolled Resource Consumption in rdf-graph-array
CVE-2019-10798 (Moderate severity) was published Apr 13, 2021 rdf-graph-array (npm)
OS Command Injection in rpi
CVE-2019-10796 (Moderate severity) was published Apr 13, 2021 rpi (npm)
Directory Traversal in Django
CVE-2021-28658 (Low severity) was published Apr 8, 2021 Django (pip)
CSRF Vuln can expose user's QRcode
GHSA-fxq4-r6mr-9x64 (Low severity) was published Apr 8, 2021 Flask-Security-Too (pip)
ProTip! Advisories are also available from the GraphQL API