GitHub Advisory Database
3,152 advisories
PHP Code Injection by malicious function name • CVE-2021-26120 (High severity) was published Feb 26, 2021 • smarty/smarty (Composer)
Open redirects on some federation and push requests • CVE-2021-21273 (Low severity) was published Feb 26, 2021 • matrix-synapse (pip)
Path traversal in Node-Red • CVE-2021-21298 (Low severity) was published Feb 26, 2021 • @node-red/runtime (npm)
Prototype Pollution in Node-Red • CVE-2021-21297 (High severity) was published Feb 26, 2021 • @node-red/runtime (npm)
Open redirect vulnerability in `aiohttp` (`normalize_path_middleware` middleware) • CVE-2021-21330 (Low severity) was published Feb 26, 2021 • aiohttp (pip)
Path traversal in pimcore/pimcore • CVE-2021-23340 (High severity) was published Feb 25, 2021 • pimcore/pimcore (Composer)
XXS in NanoHTTPD • CVE-2020-13697 (Moderate severity) was published Feb 25, 2021 • org.nanohttpd:nanohttpd (Maven)
XML External Entity (XXE) Injection in Jackson Databind • CVE-2020-25649 (High severity) was published Feb 18, 2021 • com.fasterxml.jackson.core:jackson-databind (Maven)
Path traversal in bolt/core • CVE-2021-27367 (High severity) was published Feb 18, 2021 • bolt/core (Composer)
Dynamic modification of RPyC service due to missing security check • CVE-2019-16328 (High severity) was published Feb 17, 2021 • rpyc (pip)
Command Injection Vulnerability • CVE-2021-21315 (Moderate severity) was published Feb 16, 2021 • systeminformation (npm)
Token verification bug in next-auth • CVE-2021-21310 (Low severity) was published Feb 11, 2021 • next-auth (npm)
SSRF by connecting to privileged ports • CVE-2018-7667 (Moderate severity) was published Feb 11, 2021 • vrana/adminer (Composer)
SSRF in adminer • CVE-2021-21311 (Low severity) was published Feb 11, 2021 • vrana/adminer (Composer)
XSS via the history parameter in SQL command • CVE-2020-35572 (High severity) was published Feb 11, 2021 • vrana/adminer (Composer)
Command injection in samba-client • CVE-2021-27185 (Moderate severity) was published Feb 11, 2021 • samba-client (npm)
XSS in Adminer • CVE-2020-35572 (Moderate severity) was published Feb 11, 2021 • adminer (Composer) • withdrawn
XSS in apexcharts • CVE-2021-23327 (Moderate severity) was published Feb 11, 2021 • apexcharts (npm)
File System Bounds Escape • CVE-2020-26299 (Moderate severity) was published Feb 10, 2021 • ftp-srv (npm)
Session ID not invalidated after logout • CVE-2021-3311 (Low severity) was published Feb 10, 2021 • october/rain (Composer)
Leak of information via Store-API • GHSA-f2vv-h5x4-57gr (Critical severity) was published Feb 10, 2021 • shopware/platform (Composer)
Generation of fake documents via public GET-call • GHSA-jvg4-9rc2-wvcr (Low severity) was published Feb 10, 2021 • shopware/platform (Composer)
Remote Code Execution in SCIMono • CVE-2021-21479 (High severity) was published Feb 10, 2021 • com.sap.scimono:scimono-server (Maven)
Symmetrically encrypting large values can lead to integer overflow • CVE-2020-36242 (Moderate severity) was published Feb 10, 2021 • cryptography (pip)
Regular Expression Denial of Service (REDoS) in Marked • CVE-2021-21306 (Moderate severity) was published Feb 8, 2021 • marked (npm)