GitHub Advisory Database
2,986 advisories
Filter by severity
XML External Entity in Dashboard Widget
CVE-2020-26229
(Low severity)
was published Nov 23, 2020
•
typo3/cms-core
(Composer)
Cleartext storage of session identifier
CVE-2020-26228
(High severity)
was published Nov 23, 2020
•
typo3/cms-core
(Composer)
Bypass of fix for CVE-2020-15247, Twig sandbox escape
CVE-2020-26231
(Low severity)
was published Nov 23, 2020
•
october/cms
(Composer)
Stored XSS by authenticated backend user with access to upload files
CVE-2020-15249
(Low severity)
was published Nov 23, 2020
•
october/backend
(Composer)
Privilege escalation by backend users assigned to the default "Publisher" system role
CVE-2020-15248
(Low severity)
was published Nov 23, 2020
•
october/backend
(Composer)
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
CVE-2020-15247
(Low severity)
was published Nov 23, 2020
•
october/cms
(Composer)
Local File Inclusion by unauthenticated users
CVE-2020-15246
(Low severity)
was published Nov 23, 2020
•
october/cms
(Composer)
Secret disclosure when containing characters that become URI encoded
CVE-2020-26226
(High severity)
was published Nov 18, 2020
•
semantic-release
(npm)
Open redirect in Jupyter Notebook
CVE-2020-26215
(Moderate severity)
was published Nov 18, 2020
•
notebook
(pip)
Cross-Site Scripting through Fluid view helper arguments
CVE-2020-26216
(Moderate severity)
was published Nov 18, 2020
•
typo3fluid/fluid
(Composer)
Reflected XSS with parameters in PostComment
CVE-2020-26225
(Moderate severity)
was published Nov 16, 2020
•
prestashop/productcomments
(Composer)
XStream can be used for Remote Code Execution
CVE-2020-26217
(High severity)
was published Nov 16, 2020
•
com.thoughtworks.xstream:xstream
(Maven)
Persistent XSS in shopping worlds
GHSA-28fw-88hq-6jmm
(Low severity)
was published Nov 13, 2020
•
shopware/shopware
(Composer)
Persistent XSS in newsletter module in Shopware
GHSA-hrfh-fp4x-crrq
(Low severity)
was published Nov 13, 2020
•
shopware/shopware
(Composer)
Vulnerability in RPKI manifest validation
GHSA-q76j-58cx-wp5v
(High severity)
was published Nov 13, 2020
•
net.ripe.rpki:rpki-validator-3
(Maven)
Authorization bypass in Spree
CVE-2020-26223
(High severity)
was published Nov 13, 2020
•
spree_api
(RubyGems)
Float cast overflow undefined behavior
CVE-2020-15266
(Low severity)
was published Nov 13, 2020
•
tensorflow
(pip)
Segfault in `tf.quantization.quantize_and_dequantize`
CVE-2020-15265
(Low severity)
was published Nov 13, 2020
•
tensorflow
(pip)
Remote code execution in dependabot-core branch names when cloning
CVE-2020-26222
(Low severity)
was published Nov 13, 2020
•
dependabot-common
(RubyGems)
Persistent XSS in customer module in Shopware
GHSA-6gv9-7q4g-pmvm
(Low severity)
was published Nov 13, 2020
•
shopware/shopware
(Composer)
Prototype Pollution in json-logic-js
GHSA-m9hw-7xfv-wqg7
(High severity)
was published Nov 12, 2020
•
json-logic-js
(npm)
Exploitable inventory component chaining in PocketMine-MP
GHSA-8jq6-w5cg-wm45
(High severity)
was published Nov 11, 2020
•
pocketmine/pocketmine-mp
(Composer)
remote code execution via cache action in MoinMoin
CVE-2020-25074
(Critical severity)
was published Nov 11, 2020
•
moin
(pip)
malicious SVG attachment causing stored XSS vulnerability
CVE-2020-15275
(Low severity)
was published Nov 11, 2020
•
moin
(pip)
Web Cache Poisoning in find-my-way
CVE-2020-7764
(Moderate severity)
was published Nov 9, 2020
•
find-my-way
(npm)
ProTip! Advisories are also available from the
GraphQL API.