GitHub Advisory Database

2,111 advisories

Cross Site Scripting (XSS) and Remote Code Execution (RCE)
CVE-2020-15159 (Low severity) was published Aug 28, 2020 baserproject/basercms (Composer)
Cross-Site Scripting in dompurify
CVE-2019-16728 (Moderate severity) was published Aug 28, 2020 dompurify (npm)
Cross-Site Scripting in novnc
CVE-2017-18635 (Moderate severity) was published Aug 28, 2020 @novnc/novnc (npm)
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
CVE-2020-15155 (Low severity) was published Aug 28, 2020 baserproject/basercms (Composer)
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Content list
CVE-2020-15154 (Low severity) was published Aug 28, 2020 baserproject/basercms (Composer)
Server secret was included in static assets and served to clients
GHSA-r587-7jh2-4qr3 (Critical severity) was published Aug 26, 2020 flood (npm)
XSS due to lack of CSRF validation for replying/publishing
CVE-2020-15156 (Moderate severity) was published Aug 26, 2020 nodebb-plugin-blog-comments (npm)
Sandbox Escape in safe-eval
CVE-2020-7710 (High severity) was published Aug 25, 2020 safe-eval (npm)
Cross-Site Scripting in highcharts
GHSA-gr4j-r575-g665 (High severity) was published Aug 25, 2020 highcharts (npm)
Remote Code Execution in Streams module
CVE-2020-15147 (High severity) was published Aug 21, 2020 Red-DiscordBot (pip)
Remote Code Execution in Trivia module
CVE-2020-15140 (High severity) was published Aug 21, 2020 Red-DiscordBot (pip)
Incorrect threshold signature computation
CVE-2020-6174 (High severity) was published Aug 21, 2020 tuf (pip)
Potential client DoS for attacker that can create metadata files on the repository
CVE-2020-6173 (Low severity) was published Aug 21, 2020 tuf (pip)
Inadequate Encryption Strength in bcrypt
CVE-2020-7689 (Moderate severity) was published Aug 20, 2020 bcrypt (npm)
DOM-based XSS in Lock
CVE-2020-15119 (Low severity) was published Aug 19, 2020 auth0-lock (npm)
Remote Code Execution in ParametersParser while using request parameters inside expression language
CVE-2020-15143 (High severity) was published Aug 19, 2020 sylius/resource-bundle (Composer)
Remote Code Execution in OptionsParser while using request parameters inside expression language
CVE-2020-15146 (Critical severity) was published Aug 19, 2020 sylius/resource-bundle (Composer)
Observable Timing Discrepancy
CVE-2020-15151 (High severity) was published Aug 19, 2020 openmage/magento-lts (Composer)
CSRF in Play Framework
CVE-2020-12480 (Low severity) was published Aug 18, 2020 com.typesafe.play:play_2.12 (Maven)
Server-Side Request Forgery
CVE-2020-15152 (Critical severity) was published Aug 17, 2020 ftp-srv (npm)
Data Injection Vulnerability in moped Rubygem
CVE-2015-4410 (Moderate severity) was published Aug 19, 2020 moped (RubyGems)
Arbitrary Code Generation
CVE-2020-15142 (High severity) was published Aug 20, 2020 openapi-python-client (pip)
Path Traversal Vulnerability
CVE-2020-15141 (Low severity) was published Aug 20, 2020 openapi-python-client (pip)
Server-Side Request Forgery in @uppy/companion
CVE-2020-8205 (Moderate severity) was published Aug 13, 2020 @uppy/companion (npm)
Cross-Site Scripting in @progress/kendo-angular-editor
GHSA-j7wp-vjj6-cp5m (High severity) was published Aug 11, 2020 @progress/kendo-angular-editor (npm)
ProTip! Advisories are also available from the GraphQL API.