GitHub Advisory Database

The latest security vulnerabilities from the world of open source software.

4,335 advisories

Cached redirect poisoning via X-Forwarded-Host header
CVE-2021-29479 (High severity) was published Jul 1, 2021 io.ratpack:ratpack-core (Maven)
JLLeitschuh
Default client side session signing key is highly predictable
CVE-2021-29480 (Moderate severity) was published Jul 1, 2021 io.ratpack:ratpack-session (Maven)
JLLeitschuh
Unencrypted storage of client side sessions
CVE-2021-29481 (Moderate severity) was published Jul 1, 2021 io.ratpack:ratpack-session (Maven)
JLLeitschuh
Remote Code Execution Vulnerability in Session Storage
CVE-2021-29485 (Critical severity) was published Jul 1, 2021 io.ratpack:ratpack-core (Maven)
JLLeitschuh
Open Redirect in github.com/AndrewBurian/powermux
CVE-2021-32721 (Moderate severity) was published Jul 1, 2021 github.com/AndrewBurian/powermux (Go)
Prototype Pollution in think-helper
CVE-2021-32736 (High severity) was published Jul 1, 2021 think-helper (npm)
Yoshino-s
Arbitrary Command Injection
CVE-2021-23399 (Moderate severity) was published Jun 29, 2021 wincred (npm)
List of order ids, number, items total and token value exposed for unauthorized uses via new API
CVE-2021-32720 (Moderate severity) was published Jun 29, 2021 sylius/sylius (Composer)
Regular Expression Denial of Service (ReDoS) in Prism
CVE-2021-32723 (High severity) was published Jun 28, 2021 prismjs (npm)
XXE vulnerability in Launch import
CVE-2020-12642 (High severity) was published Jun 28, 2021 com.epam.reportportal:service-api (Maven)
Reflected XSS from the callback handler's error query parameter
CVE-2021-32702 (High severity) was published Jun 28, 2021 @auth0/nextjs-auth0 (npm)
inian git-ishanpatel
Missing Authentication for Critical Function
CVE-2021-32709 (Moderate severity) was published Jun 29, 2021 shopware/platform (Composer)
XXE vulnerability on Launch import with externally-defined DTD file
CVE-2021-29620 (High severity) was published Jun 28, 2021 com.epam.reportportal:service-api (Maven)
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
CVE-2021-31412 (Moderate severity) was published Jun 28, 2021 com.vaadin:vaadin-bom (Maven)
Reflected cross-site scripting in development mode handler in Vaadin
GHSA-8vfw-v2jv-9hwc (Low severity) was published Jun 28, 2021 com.vaadin:flow-server (Maven)
Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19
CVE-2021-33604 (Low severity) was published Jun 28, 2021 com.vaadin:vaadin-bom (Maven)
non-admin users can create integration role with administrator role
GHSA-243q-g9j3-qf6r (Moderate severity) was published Jun 28, 2021 shopware/core (Composer)
Internal hidden fields are visible on to many associations in admin api
GHSA-gpmh-g94g-qrhr (Moderate severity) was published Jun 28, 2021 shopware/core (Composer)
Private files publicly accessible with Cloud Storage providers
GHSA-vrf2-xghr-j52v (High severity) was published Jun 28, 2021 shopware/core (Composer)
Creation of order credits was not validated by acl in admin orders
GHSA-g7w8-pp9w-7p32 (Low severity) was published Jun 28, 2021 shopware/core (Composer)
Canceling of orders not related to the logged-in user
GHSA-wq3r-jwrq-xg6w (Moderate severity) was published Jun 28, 2021 shopware/core (Composer)
Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem
CVE-2021-32708 (Critical severity) was published Jun 29, 2021 league/flysystem (Composer)
stevenseeley
Potential Denial-of-Service in bindata
CVE-2021-32823 (Low severity) was published Jun 23, 2021 bindata (RubyGems)
Incorrect Authorization in ORY Oathkeeper
CVE-2021-32701 (High severity) was published Jun 24, 2021 github.com/ory/oathkeeper (Go)
Cross site scripting in the system log
CVE-2021-35210 (Moderate severity) was published Jul 1, 2021 contao/core-bundle (Composer)