
GitHub Advisory Database

ReDoS in Sec-Websocket-Protocol header
CVE-2021-32640 (Moderate severity) was published May 28, 2021 ws (npm)
constructEvent does not verify header
GHSA-4g53-vp7q-gfjv (High severity) was published May 28, 2021 @worker-tools/stripe-webhook (npm)
Cross-site scripting vulnerability in TinyMCE
GHSA-5vm8-hhgr-jcjp (Moderate severity) was published May 28, 2021 tinymce (npm)
StaticFile.fromUrl can leak presence of a directory
CVE-2021-32643 (Moderate severity) was published May 28, 2021 org.http4s:http4s-core (Maven)
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
GHSA-jcgr-9698-82jx (Low severity) was published May 28, 2021 @floffah/build (npm)
Arbitrary Code Execution in json-ptr
GHSA-rrqv-vjrw-hrcr (High severity) was published May 26, 2021 json-ptr (npm)
Observable Response Discrepancy in Flask-AppBuilder
CVE-2021-29621 (Moderate severity) was published May 27, 2021 Flask-AppBuilder (pip)
Private Field data leak
CVE-2021-32624 (High severity) was published May 27, 2021 @keystonejs/keystone (npm)
Listing of upload directory contents possible
GHSA-qmfx-75ff-8mw6 (High severity) was published May 27, 2021 github.com/ThomasLeister/prosody-filer (Go)
procfs race condition with a shared volume mount
CVE-2019-19921 (Moderate severity) was published May 27, 2021 github.com/opencontainers/runc/libcontainer (Go)
Authentication Bypass in hydra
CVE-2020-5300 (Moderate severity) was published May 27, 2021 github.com/ory/hydra (Go)
Denial of service in Tendermint
CVE-2020-5303 (Low severity) was published May 27, 2021 github.com/tendermint/tendermint/p2p (Go)
Lookup function information disclosure in helm
CVE-2020-11013 (High severity) was published May 27, 2021 helm.sh/helm/v3 (Go)
Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements
CVE-2020-11091 (Moderate severity) was published May 27, 2021 github.com/weaveworks/weave (Go)
Release v0.5.8 of github.com/ulikunitz/xz fixes readUvarint denial of service
CVE-2021-29482 (High severity) was published May 25, 2021 github.com/ulikunitz/xz (Go)
Insecure permissions on build temporary rootfs in Singularity
CVE-2020-25040 (High severity) was published May 24, 2021 github.com/sylabs/singularity (Go)
Local Privilege Escalation in cloudflared
CVE-2020-24356 (Moderate severity) was published May 24, 2021 github.com/cloudflare/cloudflared (Go)
Aliases are never checked in helm
CVE-2020-15184 (Low severity) was published May 24, 2021 helm.sh/helm (Go)
Repository index file allows for duplicates of the same chart entry in helm
CVE-2020-15185 (Low severity) was published May 24, 2021 helm.sh/helm (Go)
Improper Sanitizing of plugin names in helm
CVE-2020-15186 (Low severity) was published May 24, 2021 helm.sh/helm (Go)
plugin.yaml file allows for duplicate entries in helm
CVE-2020-15187 (Low severity) was published May 24, 2021 helm.sh/helm (Go)
Signature Validation Bypass in goxmldsig
CVE-2020-15216 (Moderate severity) was published May 24, 2021 github.com/russellhaering/goxmldsig (Go)
Ignored errors on token revocation in github.com/ory/fosite
CVE-2020-15223 (High severity) was published May 24, 2021 github.com/ory/fosite (Go)
Token reuse in github.com/ory/fosite
CVE-2020-15222 (High severity) was published May 24, 2021 github.com/ory/fosite (Go)
Authenticated users can exploit an enumeration vulnerability in Harbor
CVE-2020-13794 (Moderate severity) was published May 24, 2021 github.com/goharbor/harbor (Go)