GitHub Advisory Database
4,101 advisories
Filter by severity
Improper rate limiting in Koel
CVE-2021-33563
(Low severity)
was published Jun 1, 2021
•
phanan/koel
(Composer)
Insertion of Sensitive Information into Log File in ansible
CVE-2021-20191
(Moderate severity)
was published Jun 1, 2021
•
ansible
(pip)
Insertion of Sensitive Information into Log File in ansible
CVE-2021-20178
(Moderate severity)
was published Jun 1, 2021
•
ansible
(pip)
Improper Verification of Cryptographic Signature in Apache Pulsar
CVE-2021-22160
(Moderate severity)
was published Jun 1, 2021
•
org.apache.pulsar:pulsar
(Maven)
Vulnerability in hyperkitty
CVE-2021-33038
(High severity)
was published Jun 1, 2021
•
HyperKitty
(pip)
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
GHSA-55xh-53m6-936r
(Moderate severity)
was published Jun 1, 2021
•
com.amazonaws:aws-encryption-sdk-java
(Maven)
Improper Verification of Cryptographic Signature in aws-encryption-sdk
GHSA-x5h4-9gqw-942j
(Moderate severity)
was published Jun 1, 2021
•
aws-encryption-sdk
(pip)
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript
GHSA-h45p-w933-jxh3
(Moderate severity)
was published Jun 1, 2021
•
@aws-crypto/client-browser
(npm)
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli
GHSA-89v2-g37m-g3ff
(Moderate severity)
was published Jun 1, 2021
•
aws-encryption-sdk-cli
(pip)
Authentication Bypass in Kiali
CVE-2021-20278
(High severity)
was published Jun 1, 2021
•
github.com/kiali/kiali
(Go)
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
CVE-2021-33503
(Moderate severity)
was published Jun 1, 2021
•
urllib3
(pip)
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
GHSA-jq42-hfch-42f3
(Moderate severity)
was published Jun 1, 2021
•
github.com/hpcng/singularity
(Go)
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
CVE-2021-32635
(Moderate severity)
was published Jun 1, 2021
•
github.com/sylabs/singularity
(Go)
ReDoS in Sec-Websocket-Protocol header
CVE-2021-32640
(Moderate severity)
was published May 28, 2021
•
ws
(npm)
constructEvent does not verify header
GHSA-4g53-vp7q-gfjv
(High severity)
was published May 28, 2021
•
@worker-tools/stripe-webhook
(npm)
Cross-site scripting vulnerability in TinyMCE
GHSA-5vm8-hhgr-jcjp
(Moderate severity)
was published May 28, 2021
•
tinymce
(npm)
StaticFile.fromUrl can leak presence of a directory
CVE-2021-32643
(Moderate severity)
was published May 28, 2021
•
org.http4s:http4s-core
(Maven)
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
GHSA-jcgr-9698-82jx
(Low severity)
was published May 28, 2021
•
@floffah/build
(npm)
Arbitrary Code Execution in json-ptr
GHSA-rrqv-vjrw-hrcr
(High severity)
was published May 26, 2021
•
json-ptr
(npm)
Observable Response Discrepancy in Flask-AppBuilder
CVE-2021-29621
(Moderate severity)
was published May 27, 2021
•
Flask-AppBuilder
(pip)
Private Field data leak
CVE-2021-32624
(High severity)
was published May 27, 2021
•
@keystonejs/keystone
(npm)
Listing of upload directory contents possible
GHSA-qmfx-75ff-8mw6
(High severity)
was published May 27, 2021
•
github.com/ThomasLeister/prosody-filer
(Go)
procfs race condition with a shared volume mount
CVE-2019-19921
(Moderate severity)
was published May 27, 2021
•
github.com/opencontainers/runc/libcontainer
(Go)
Authentication Bypass in hydra
CVE-2020-5300
(Moderate severity)
was published May 27, 2021
•
github.com/ory/hydra
(Go)
Denial of service in Tendermint
CVE-2020-5303
(Low severity)
was published May 27, 2021
•
github.com/tendermint/tendermint/p2p
(Go)
ProTip!
Advisories are also available from the
GraphQL API