Skip to content

GitHub Advisory Database

Improper rate limiting in Koel
CVE-2021-33563 (Low severity) was published Jun 1, 2021 phanan/koel (Composer)
Insertion of Sensitive Information into Log File in ansible
CVE-2021-20191 (Moderate severity) was published Jun 1, 2021 ansible (pip)
Insertion of Sensitive Information into Log File in ansible
CVE-2021-20178 (Moderate severity) was published Jun 1, 2021 ansible (pip)
Improper Verification of Cryptographic Signature in Apache Pulsar
CVE-2021-22160 (Moderate severity) was published Jun 1, 2021 org.apache.pulsar:pulsar (Maven)
Vulnerability in hyperkitty
CVE-2021-33038 (High severity) was published Jun 1, 2021 HyperKitty (pip)
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
GHSA-55xh-53m6-936r (Moderate severity) was published Jun 1, 2021 com.amazonaws:aws-encryption-sdk-java (Maven)
Improper Verification of Cryptographic Signature in aws-encryption-sdk
GHSA-x5h4-9gqw-942j (Moderate severity) was published Jun 1, 2021 aws-encryption-sdk (pip)
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript
GHSA-h45p-w933-jxh3 (Moderate severity) was published Jun 1, 2021 @aws-crypto/client-browser (npm)
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli
GHSA-89v2-g37m-g3ff (Moderate severity) was published Jun 1, 2021 aws-encryption-sdk-cli (pip)
Authentication Bypass in Kiali
CVE-2021-20278 (High severity) was published Jun 1, 2021 github.com/kiali/kiali (Go)
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
CVE-2021-33503 (Moderate severity) was published Jun 1, 2021 urllib3 (pip)
NariyoshiChida
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
GHSA-jq42-hfch-42f3 (Moderate severity) was published Jun 1, 2021 github.com/hpcng/singularity (Go)
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
CVE-2021-32635 (Moderate severity) was published Jun 1, 2021 github.com/sylabs/singularity (Go)
EmmEff
ReDoS in Sec-Websocket-Protocol header
CVE-2021-32640 (Moderate severity) was published May 28, 2021 ws (npm)
robmcl4
constructEvent does not verify header
GHSA-4g53-vp7q-gfjv (High severity) was published May 28, 2021 @worker-tools/stripe-webhook (npm)
Cross-site scripting vulnerability in TinyMCE
GHSA-5vm8-hhgr-jcjp (Moderate severity) was published May 28, 2021 tinymce (npm)
StaticFile.fromUrl can leak presence of a directory
CVE-2021-32643 (Moderate severity) was published May 28, 2021 org.http4s:http4s-core (Maven)
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
GHSA-jcgr-9698-82jx (Low severity) was published May 28, 2021 @floffah/build (npm)
Arbitrary Code Execution in json-ptr
GHSA-rrqv-vjrw-hrcr (High severity) was published May 26, 2021 json-ptr (npm)
Observable Response Discrepancy in Flask-AppBuilder
CVE-2021-29621 (Moderate severity) was published May 27, 2021 Flask-AppBuilder (pip)
Private Field data leak
CVE-2021-32624 (High severity) was published May 27, 2021 @keystonejs/keystone (npm)
molomby dcousens
Listing of upload directory contents possible
GHSA-qmfx-75ff-8mw6 (High severity) was published May 27, 2021 github.com/ThomasLeister/prosody-filer (Go)
procfs race condition with a shared volume mount
CVE-2019-19921 (Moderate severity) was published May 27, 2021 github.com/opencontainers/runc/libcontainer (Go)
Authentication Bypass in hydra
CVE-2020-5300 (Moderate severity) was published May 27, 2021 github.com/ory/hydra (Go)
Denial of service in Tendermint
CVE-2020-5303 (Low severity) was published May 27, 2021 github.com/tendermint/tendermint/p2p (Go)
ProTip! Advisories are also available from the GraphQL API