The Wayback Machine - https://web.archive.org/web/20211203164303/https://github.com/advisories
Skip to content

GitHub Advisory Database

The latest security vulnerabilities from the world of open source software.

5,521 advisories

Loading
Path Traversal in com.linecorp.armeria:armeria High
CVE-2021-43795 was published for com.linecorp.armeria:armeria (Maven) Dec 2, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts Critical
CVE-2019-0230 was published for org.apache.struts:struts2-core (Maven) Dec 2, 2021
XSS in Hexo Moderate
CVE-2021-25987 was published for hexo (npm) Dec 1, 2021
Incorrect Permission Assignment for Critical Resource in HashiCorp Vault Critical
CVE-2021-43998 was published for github.com/hashicorp/vault (Go) Dec 2, 2021
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4026 was published for ssddanbrown/bookstack (Composer) Dec 1, 2021
Use After Free in lucet High
CVE-2021-43790 was published for lucet-runtime (Rust) Nov 30, 2021
iximeow acfoltzer
cratelyn aturon alexcrichton aggarwaa
Path traversal in translator module in NodeBB Moderate
CVE-2021-43788 was published for nodebb (npm) Nov 30, 2021
paul-gerste-sonarsource
XSS via prototype pollution in NodeBB Critical
CVE-2021-43787 was published for nodebb (npm) Nov 30, 2021
paul-gerste-sonarsource
API token verification can be bypassed in NodeBB Critical
CVE-2021-43786 was published for nodebb (npm) Nov 30, 2021
paul-gerste-sonarsource
S3Scanner before 2.0.2 allows Directory Traversal Moderate
CVE-2021-32061 was published for s3scanner (pip) Nov 30, 2021
SQL Injection in rosariosis Critical
CVE-2021-44427 was published for francoisjacquet/rosariosis (Composer) Dec 2, 2021
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext Moderate
GHSA-fxwm-rx68-p5vx was published for ezsystems/ezplatform-richtext (Composer) Dec 1, 2021
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext Moderate
GHSA-9jp8-cwwx-p64q was published for ezsystems/ezplatform-admin-ui (Composer) Dec 1, 2021
Improper Neutralization of Formula Elements in a CSV File in html-2-csv Moderate
CVE-2021-23654 was published for html-2-csv (pip) Nov 30, 2021
Path Traversal in @backstage/plugin-scaffolder-backend High
CVE-2021-43783 was published for @backstage/plugin-scaffolder-backend (npm) Dec 1, 2021
Cross-Site Scripting Vulnerability in @joeattardi/emoji-button High
CVE-2021-43785 was published for @joeattardi/emoji-button (npm) Dec 1, 2021
erik-krogh agustingianni
RCE vulnerability affecting v1beta3 templates in @backstage/plugin-scaffolder-backend High
GHSA-2g8g-63j4-9w3r was published for @backstage/plugin-scaffolder-backend (npm) Dec 1, 2021
Cross-Site Scripting vulnerability in @backstage/plugin-auth-backend High
CVE-2021-43776 was published for @backstage/plugin-auth-backend (npm) Dec 1, 2021
Potential Zip Slip Vulnerability in baserCMS High
CVE-2021-41279 was published for baserproject/basercms (Composer) Dec 1, 2021
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS Critical
CVE-2021-41243 was published for baserproject/basercms (Composer) Dec 1, 2021
ReDoS in LDAP schema parser Moderate
GHSA-r8wq-qrxc-hmcm was published for python-ldap (pip) Nov 29, 2021
Incorrect Default Permissions in Apache JSPWiki Critical
CVE-2021-44140 was published for org.apache.jspwiki:jspwiki-main (Maven) Nov 29, 2021
Cross-site Scripting in github.com/schollz/rwtxt Moderate
CVE-2021-20848 was published for github.com/schollz/rwtxt (Go) Nov 29, 2021
Cross-site Scripting in Apache JSPWiki Moderate
CVE-2021-40369 was published for org.apache.jspwiki:jspwiki-main (Maven) Dec 2, 2021
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40828 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
ProTip! Advisories are also available from the GraphQL API