Skip to content

GitHub Advisory Database

2,986 advisories

XML External Entity in Dashboard Widget
CVE-2020-26229 (Low severity) was published Nov 23, 2020 typo3/cms-core (Composer)
Cleartext storage of session identifier
CVE-2020-26228 (High severity) was published Nov 23, 2020 typo3/cms-core (Composer)
Bypass of fix for CVE-2020-15247, Twig sandbox escape
CVE-2020-26231 (Low severity) was published Nov 23, 2020 october/cms (Composer)
Stored XSS by authenticated backend user with access to upload files
CVE-2020-15249 (Low severity) was published Nov 23, 2020 october/backend (Composer)
Privilege escalation by backend users assigned to the default "Publisher" system role
CVE-2020-15248 (Low severity) was published Nov 23, 2020 october/backend (Composer)
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
CVE-2020-15247 (Low severity) was published Nov 23, 2020 october/cms (Composer)
Local File Inclusion by unauthenticated users
CVE-2020-15246 (Low severity) was published Nov 23, 2020 october/cms (Composer)
Secret disclosure when containing characters that become URI encoded
CVE-2020-26226 (High severity) was published Nov 18, 2020 semantic-release (npm)
Open redirect in Jupyter Notebook
CVE-2020-26215 (Moderate severity) was published Nov 18, 2020 notebook (pip)
Cross-Site Scripting through Fluid view helper arguments
CVE-2020-26216 (Moderate severity) was published Nov 18, 2020 typo3fluid/fluid (Composer)
Reflected XSS with parameters in PostComment
CVE-2020-26225 (Moderate severity) was published Nov 16, 2020 prestashop/productcomments (Composer)
XStream can be used for Remote Code Execution
CVE-2020-26217 (High severity) was published Nov 16, 2020 com.thoughtworks.xstream:xstream (Maven)
Persistent XSS in shopping worlds
GHSA-28fw-88hq-6jmm (Low severity) was published Nov 13, 2020 shopware/shopware (Composer)
Persistent XSS in newsletter module in Shopware
GHSA-hrfh-fp4x-crrq (Low severity) was published Nov 13, 2020 shopware/shopware (Composer)
Vulnerability in RPKI manifest validation
GHSA-q76j-58cx-wp5v (High severity) was published Nov 13, 2020 net.ripe.rpki:rpki-validator-3 (Maven)
Authorization bypass in Spree
CVE-2020-26223 (High severity) was published Nov 13, 2020 spree_api (RubyGems)
Float cast overflow undefined behavior
CVE-2020-15266 (Low severity) was published Nov 13, 2020 tensorflow (pip)
Segfault in `tf.quantization.quantize_and_dequantize`
CVE-2020-15265 (Low severity) was published Nov 13, 2020 tensorflow (pip)
Remote code execution in dependabot-core branch names when cloning
CVE-2020-26222 (Low severity) was published Nov 13, 2020 dependabot-common (RubyGems)
Persistent XSS in customer module in Shopware
GHSA-6gv9-7q4g-pmvm (Low severity) was published Nov 13, 2020 shopware/shopware (Composer)
Prototype Pollution in json-logic-js
GHSA-m9hw-7xfv-wqg7 (High severity) was published Nov 12, 2020 json-logic-js (npm)
Exploitable inventory component chaining in PocketMine-MP
GHSA-8jq6-w5cg-wm45 (High severity) was published Nov 11, 2020 pocketmine/pocketmine-mp (Composer)
remote code execution via cache action in MoinMoin
CVE-2020-25074 (Critical severity) was published Nov 11, 2020 moin (pip)
malicious SVG attachment causing stored XSS vulnerability
CVE-2020-15275 (Low severity) was published Nov 11, 2020 moin (pip)
Web Cache Poisoning in find-my-way
CVE-2020-7764 (Moderate severity) was published Nov 9, 2020 find-my-way (npm)
ProTip! Advisories are also available from the GraphQL API.
You can’t perform that action at this time.