GitHub Advisory Database

2,018 advisories

Path Traversal in socket.io-file
GHSA-9h4g-27m8-qjrg (High severity) was published Jul 7, 2020 socket.io-file (npm)
Sensitive information exposure through logs
CVE-2020-15095 (Low severity) was published Jul 7, 2020 npm (npm)
Sensitive information exposure through logs
GHSA-jmqm-f2gx-4fjv (Low severity) was published Jul 7, 2020 npm-registry-fetch (npm)
Denial of service due to reference expansion in versions earlier than 4.0
GHSA-mm44-wc5p-wqhq (High severity) was published Jul 7, 2020 com.upokecenter:cbor (Maven)
Untrusted XML files
GHSA-vjv6-gq77-3mjw (Low severity) was published Jul 7, 2020 org.mapfish.print:print-lib (Maven)
No more used JSONP vulnerabilities
GHSA-w534-q4xf-h5v2 (Low severity) was published Jul 7, 2020 org.mapfish.print:print-lib (Maven)
Potentially sensitive data exposure
GHSA-wwgf-3xp7-cxj4 (Moderate severity) was published Jul 7, 2020 gos/web-socket-bundle (Composer)
CSRF Vulnerability in rails-ujs
CVE-2020-8167 (Moderate severity) was published Jul 7, 2020 actionview (RubyGems)
Potential remote code execution of user-provided local names in ActionView
CVE-2020-8163 (Moderate severity) was published Jul 7, 2020 actionview (RubyGems)
Context isolation bypass via Promise.then bug in V8
CVE-2020-15096 (Low severity) was published Jul 7, 2020 electron (npm)
Context isolation bypass via leaked cross-context objects
CVE-2020-4076 (High severity) was published Jul 7, 2020 electron (npm)
Context isolation bypass via contextBridge
CVE-2020-4077 (High severity) was published Jul 7, 2020 electron (npm)
Arbitrary file read via window-open IPC
CVE-2020-4075 (Moderate severity) was published Jul 7, 2020 electron (npm)
Directory traversal in Rack::Directory app bundled with Rack
CVE-2020-8161 (Moderate severity) was published Jul 6, 2020 rack (RubyGems)
Potential self-XSS when pasting content from malicious websites
CVE-2020-4061 (Low severity) was published Jul 2, 2020 october/october (Composer)
XML external entity injection in Terracotta Quartz Scheduler
CVE-2019-13990 (Moderate severity) was published Jul 1, 2020 org.quartz-scheduler:quartz (Maven)
Directory traversal in Apache RocketMQ
CVE-2019-17572 (Moderate severity) was published Jul 1, 2020 org.apache.rocketmq:rocketmq-broker (Maven)
Privilege escalation in mysql-connector-java
CVE-2019-2692 (Moderate severity) was published Jul 1, 2020 mysql:mysql-connector-java (Maven)
XML External Entity Injection in XStream
CVE-2016-3674 (High severity) was published Jun 30, 2020 com.thoughtworks.xstream:xstream (Maven)
Denial of service in XStream
CVE-2017-7957 (High severity) was published Jun 30, 2020 com.thoughtworks.xstream:xstream (Maven)
Information Exposure in Netty
CVE-2015-2156 (High severity) was published Jun 30, 2020 io.netty:netty-handler (Maven)
Denial of service in Netty
CVE-2014-3488 (Moderate severity) was published Jun 30, 2020 io.netty:netty-handler (Maven)
Deserialization of Untrusted Data in jackson-databind
CVE-2018-5968 (High severity) was published Jun 30, 2020 com.fasterxml.jackson.core:jackson-databind (Maven)
Privilege escalation for internal APIs
CVE-2020-15087 (High severity) was published Jun 30, 2020 io.prestosql:presto-server (Maven)
auth bypass in express-jwt
CVE-2020-15084 (High severity) was published Jun 30, 2020 express-jwt (npm)
ProTip! Advisories are also available from the GraphQL API.