The Wayback Machine - https://web.archive.org/web/20210621081423/https://github.com/advisories

GitHub Advisory Database

Passing in a non-string 'html' argument can lead to unsanitized output
CVE-2021-32696 (Moderate severity), published Jun 18, 2021; affects striptags (npm)
Credit: erik-krogh

CRLF injection
CVE-2020-26137 (Moderate severity), published Jun 18, 2021; affects urllib3 (pip)

Billion laughs attack (XML bomb)
CVE-2021-32623 (High severity), published Jun 17, 2021; affects org.opencastproject:opencast-kernel (Maven)
Credit: darolfes, Rillke, lkiesow

Cross-site Scripting in wagtail
CVE-2021-32681 (Moderate severity), published Jun 17, 2021; affects wagtail (pip)

Multiple vulnerabilities leading to RCE
CVE-2021-32682 (Critical severity), published Jun 16, 2021; affects studio-42/elfinder (Composer)
Credit: thomas-chauchefoin-sonarsource

Unsafe upload filtering leading to remote code execution
CVE-2021-23394 (High severity), published Jun 15, 2021; affects studio-42/elfinder (Composer)
Credit: assaf-benjosef, thomas-chauchefoin-sonarsource

Infinite loop
CVE-2021-31812 (Moderate severity), published Jun 15, 2021; affects org.apache.pdfbox:pdfbox (Maven)

Uncontrolled memory consumption
CVE-2021-31811 (Moderate severity), published Jun 15, 2021; affects org.apache.pdfbox:pdfbox (Maven)

Open redirect
CVE-2021-23393 (Moderate severity), published Jun 15, 2021; affects Flask-Unchained (pip)

Cross-Site Scripting
CVE-2021-20293 (High severity), published Jun 15, 2021; affects org.jboss.resteasy:resteasy-bom (Maven)

Path traversal
CVE-2021-34363 (Critical severity), published Jun 15, 2021; affects thefuck (pip)

Cross-site scripting in Jenkins Kiuwan Plugin
CVE-2021-21666 (Moderate severity), published Jun 16, 2021; affects org.jenkins-ci.plugins:kiuwanJenkinsPlugin (Maven)

Missing Authorization
CVE-2021-21661 (Moderate severity), published Jun 16, 2021; affects org.jenkins-ci.plugins:kubernetes-cli (Maven)

Improper Validation of Specified Type of Input
CVE-2021-20329 (Moderate severity), published Jun 15, 2021; affects go.mongodb.org/mongo-driver (Go)

Observable Timing Discrepancy in aaugustin websockets library
CVE-2021-33880 (High severity), published Jun 11, 2021; affects websockets (pip)

Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
CVE-2021-20259 (High severity), published Jun 10, 2021; affects foreman_fog_proxmox (RubyGems)

Path Traversal in Django
CVE-2021-33203 (Moderate severity), published Jun 10, 2021; affects django (pip)

Bypass of access control in Django
CVE-2021-33571 (High severity), published Jun 10, 2021; affects django (pip)

Authentication bypass in SilverStripe GraphQL
CVE-2020-26136 (Moderate severity), published Jun 10, 2021; affects silverstripe/graphql (Composer)

Path Traversal in Zope
CVE-2021-32674 (High severity), published Jun 10, 2021; affects Zope (pip)

Reflected cross-site scripting issue in Datasette
CVE-2021-32670 (High severity), published Jun 10, 2021; affects datasette (pip)

Uncontrolled Resource Consumption in locutus
CVE-2021-23392 (High severity), published Jun 10, 2021; affects locutus (npm)

Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
CVE-2021-28169 (Moderate severity), published Jun 10, 2021; affects org.eclipse.jetty:jetty-servlets (Maven)
Credit: stevenseeley

Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone
CVE-2020-28924 (High severity), published Jun 10, 2021; affects github.com/rclone/rclone (Go)

Cross-Site Request Forgery (CSRF) in FastAPI
CVE-2021-32677 (High severity), published Jun 10, 2021; affects fastapi (pip)
Credit: b0g3r