GitHub Advisory Database
3,450 advisories
Improper Input Validation in sopel-plugins.channelmgnt
CVE-2021-21431 (High severity) was published Apr 9, 2021 • sopel-plugins.channelmgnt (pip)

Directory Traversal in Django
CVE-2021-28658 (Low severity) was published Apr 8, 2021 • Django (pip)

CSRF Vuln can expose user's QRcode
GHSA-fxq4-r6mr-9x64 (Low severity) was published Apr 8, 2021 • Flask-Security-Too (pip)

Tampering with links (e.g. password reset) in emails sent by Indico
CVE-2021-30185 (Moderate severity) was published Apr 8, 2021 • indico (pip)

Improper Restriction of XML External Entity Reference in Plone
CVE-2020-28734 (High severity) was published Apr 7, 2021 • Plone (pip)

Improper Restriction of XML External Entity Reference in Plone
CVE-2020-28736 (High severity) was published Apr 7, 2021 • Plone (pip)

SSRF attacks via tracebacks in Plone
CVE-2020-28735 (High severity) was published Apr 7, 2021 • Plone (pip)

Improper Certificate Validation in phpseclib
CVE-2021-30130 (Moderate severity) was published Apr 7, 2021 • phpseclib/phpseclib (Composer)

Arbitrary code execution in clickhouse-driver
CVE-2020-26759 (Critical severity) was published Apr 7, 2021 • clickhouse-driver (pip)

Cross-site scripting in actionpack
CVE-2020-8264 (Moderate severity) was published Apr 7, 2021 • actionpack (RubyGems)

Logic error in authentication in proxy.py
CVE-2021-3116 (High severity) was published Apr 7, 2021 • proxy.py (pip)

HTTP Request smuggling in bottle
CVE-2020-28473 (Moderate severity) was published Apr 7, 2021 • bottle (pip)

Rebuild-bot workflow may allow unauthorised repository modifications
CVE-2021-21423 (Moderate severity) was published Apr 6, 2021 • projen (npm)

Exposure of Sensitive Information to an Unauthorized Actor in Ansible
CVE-2020-1739 (Low severity) was published Apr 7, 2021 • ansible (pip)

Path Traversal in Ansible
CVE-2020-1735 (Low severity) was published Apr 7, 2021 • ansible (pip)

Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible
CVE-2020-1753 (Low severity) was published Apr 7, 2021 • ansible (pip)

Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible
CVE-2020-1740 (Low severity) was published Apr 7, 2021 • ansible (pip)

Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
CVE-2020-10684 (Low severity) was published Apr 7, 2021 • ansible (pip)

Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
CVE-2020-10685 (Low severity) was published Apr 7, 2021 • ansible (pip)

Directory exposure in jetty
CVE-2021-28163 (Low severity) was published Apr 6, 2021 • org.eclipse.jetty:jetty-deploy (Maven)

Uncontrolled Resource Consumption in jetty
CVE-2021-28165 (High severity) was published Apr 6, 2021 • org.eclipse.jetty:jetty-io (Maven)

Authorization Before Parsing and Canonicalization in jetty
CVE-2021-28164 (Moderate severity) was published Apr 6, 2021 • org.eclipse.jetty:jetty-webapp (Maven)

Command Injection Vulnerability in systeminformation
CVE-2021-21388 (Moderate severity) was published Apr 6, 2021 • systeminformation (npm)

ApiKey secret could be revelated on network issue
CVE-2021-21421 (High severity) was published Apr 6, 2021 • node-etsy-client (npm)

Improper Access Control in Airflow
CVE-2021-26559 (Moderate severity) was published Apr 7, 2021 • apache-airflow (pip)

