close
The Wayback Machine - https://web.archive.org/web/20210208111805/https://github.com/advisories
Skip to content
Image

GitHub Advisory Database

3,113 advisories

Open redirect in Slashify
CVE-2021-3189 (High severity) was published Feb 5, 2021 slashify (npm)
Code injection in Apache Ant
CVE-2020-11979 (High severity) was published Feb 3, 2021 org.apache.ant:ant (Maven)
Command injection in total.js
CVE-2020-28494 (High severity) was published Feb 5, 2021 total.js (npm)
Prototype pollution in total.js
CVE-2020-28495 (High severity) was published Feb 5, 2021 total.js (npm)
Prototype pollution in dotty
CVE-2021-25912 (Moderate severity) was published Feb 5, 2021 dotty (npm)
Unbounded connection acceptance in http4s-blaze-server
CVE-2021-21294 (High severity) was published Feb 2, 2021 org.http4s:http4s-blaze-server_2.12 (Maven)
Unbounded connection acceptance leads to file handle exhaustion
CVE-2021-21293 (High severity) was published Feb 2, 2021 org.http4s:blaze-core_2.11 (Maven)
Command Injection Vulnerability in Mechanize
CVE-2021-21289 (Low severity) was published Feb 2, 2021 mechanize (RubyGems)
Cross-site scripting in Bleach
GHSA-vv2x-vrpj-qqpq (Moderate severity) was published Feb 2, 2021 bleach (pip)
Unexpected database bindings
GHSA-x7p5-p2c9-phvg (High severity) was published Feb 2, 2021 illuminate/database (Composer)
Reflected Cross-site Scripting in ACS Commons
CVE-2021-21028 (High severity) was published Feb 2, 2021 com.adobe.acs:acs-aem-commons (Maven)
Denial of Service in uap-core
GHSA-p4pj-mg4r-x6v4 (High severity) was published Feb 2, 2021 uap-core (npm)
Angular Expressions - Remote Code Execution
CVE-2021-21277 (Low severity) was published Feb 1, 2021 angular-expressions (npm)
Prototype pollution in nested-object-assign
CVE-2021-23329 (High severity) was published Feb 1, 2021 nested-object-assign (npm)
Regular expression Denial of Service in Markdown plugin
CVE-2021-21254 (Low severity) was published Jan 29, 2021 @ckeditor/ckeditor5-markdown-gfm (npm)
Processing untrusted theming resources might execute arbitrary code (ACE)
GHSA-3crj-w4f5-gwh4 (High severity) was published Jan 29, 2021 less-openui5 (npm)
Steam Socialite Provider v1 does not correctly validate openid server
GHSA-hhw9-35p2-q2c5 (Critical severity) was published Jan 29, 2021 socialiteproviders/steam (Composer)
XSS in Mautic
CVE-2021-3142 (High severity) was published Jan 29, 2021 mautic/core (Composer)
XML External Entity attack in log4net
CVE-2018-1285 (High severity) was published Jan 29, 2021 log4net (NuGet)
Malicious npm package: an0n-chat-lib
GHSA-7xcv-wvr7-4h6p (Critical severity) was published Jan 29, 2021 an0n-chat-lib (npm)
Malicious npm package: discord-fix
GHSA-qv2g-99x4-45x6 (Critical severity) was published Jan 29, 2021 discord-fix (npm)
Malicious npm package: sonatype
GHSA-w8fh-pvq2-x8c4 (Critical severity) was published Jan 29, 2021 sonatype (npm)
IPC messages delivered to the wrong frame in Electron
CVE-2020-26272 (Moderate severity) was published Jan 28, 2021 electron (npm)
OS Command Injection in async-git
CVE-2021-3190 (Moderate severity) was published Jan 29, 2021 async-git (npm)
Path traversal in Node-RED-Dashboard
CVE-2021-3223 (High severity) was published Jan 29, 2021 node-red-dashboard (npm)
ProTip! Advisories are also available from the GraphQL API.