GitHub Advisory Database

Multiple vulnerabilities leading to RCE
CVE-2021-32682 (Critical severity) was published Jun 16, 2021 studio-42/elfinder (Composer)
thomas-chauchefoin-sonarsource
Unsafe upload filtering leading to remote code execution
CVE-2021-23394 (High severity) was published Jun 15, 2021 studio-42/elfinder (Composer)
assaf-benjosef thomas-chauchefoin-sonarsource
Infinite loop
CVE-2021-31812 (Moderate severity) was published Jun 15, 2021 org.apache.pdfbox:pdfbox (Maven)
Uncontrolled memory consumption
CVE-2021-31811 (Moderate severity) was published Jun 15, 2021 org.apache.pdfbox:pdfbox (Maven)
Open redirect
CVE-2021-23393 (Moderate severity) was published Jun 15, 2021 Flask-Unchained (pip)
Cross-Site Scripting
CVE-2021-20293 (High severity) was published Jun 15, 2021 org.jboss.resteasy:resteasy-bom (Maven)
Path traversal
CVE-2021-34363 (Critical severity) was published Jun 15, 2021 thefuck (pip)
Cross-site scripting in Jenkins Kiuwan Plugin
CVE-2021-21666 (Moderate severity) was published Jun 16, 2021 org.jenkins-ci.plugins:kiuwanJenkinsPlugin (Maven)
Missing Authorization
CVE-2021-21661 (Moderate severity) was published Jun 16, 2021 org.jenkins-ci.plugins:kubernetes-cli (Maven)
Improper Validation of Specified Type of Input
CVE-2021-20329 (Moderate severity) was published Jun 15, 2021 go.mongodb.org/mongo-driver (Go)
Observable Timing Discrepancy in aaugustin websockets library
CVE-2021-33880 (High severity) was published Jun 11, 2021 websockets (pip)
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
CVE-2021-20259 (High severity) was published Jun 10, 2021 foreman_fog_proxmox (RubyGems)
Path Traversal in Django
CVE-2021-33203 (Moderate severity) was published Jun 10, 2021 django (pip)
Bypass of access control in Django
CVE-2021-33571 (High severity) was published Jun 10, 2021 django (pip)
Authentication bypass in SilverStripe GraphQL
CVE-2020-26136 (High severity) was published Jun 10, 2021 silverstripe/graphql (Composer)
Path Traversal in Zope
CVE-2021-32674 (High severity) was published Jun 10, 2021 Zope (pip)
Reflected cross-site scripting issue in Datasette
CVE-2021-32670 (High severity) was published Jun 10, 2021 datasette (pip)
Uncontrolled Resource Consumption in locutus
CVE-2021-23392 (High severity) was published Jun 10, 2021 locutus (npm)
Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
CVE-2021-28169 (Moderate severity) was published Jun 10, 2021 org.eclipse.jetty:jetty-servlets (Maven)
stevenseeley
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone
CVE-2020-28924 (High severity) was published Jun 10, 2021 github.com/rclone/rclone (Go)
Cross-Site Request Forgery (CSRF) in FastAPI
CVE-2021-32677 (Moderate severity) was published Jun 10, 2021 fastapi (pip)
b0g3r
Privilege Context Switching Error in wildfly
CVE-2020-1719 (High severity) was published Jun 8, 2021 org.wildfly.bom:wildfly (Maven)
Remote Code Execution via traversal in TAL expressions
GHSA-rpcg-f9q6-2mq6 (High severity) was published Jun 8, 2021 Zope (pip)
Arbitrary File Write via Archive Extraction (Zip Slip)
CVE-2021-23391 (High severity) was published Jun 8, 2021 calipso (npm)
Remote Command Execution in reg-keygen-git-hash-plugin
CVE-2021-32673 (High severity) was published Jun 8, 2021 reg-keygen-git-hash-plugin (npm)
progfay