GitHub Advisory Database

1,927 advisories

Potential unauthorized access to stored request & session data when plugin is misconfigured
CVE-2020-11094 (Moderate severity) was published Jun 3, 2020 rainlab/debugbar-plugin (Composer)
Potential CSV Injection vector
CVE-2020-5299 (Moderate severity) was published Jun 3, 2020 october/october (Composer)
Reflected XSS when importing CSV files via the ImportExportController
CVE-2020-5298 (Moderate severity) was published Jun 3, 2020 october/october (Composer)
Arbitrary Upload of Whitelisted File Types by authenticated backend user with cms.manage_assets permission
CVE-2020-5297 (Low severity) was published Jun 3, 2020 october/october (Composer)
Arbitrary File Deletion by authenticated backend user with cms.manage_assets permission
CVE-2020-5296 (Moderate severity) was published Jun 3, 2020 october/october (Composer)
Local File Inclusion by authenticated backend user with cms.manage_assets permission
CVE-2020-5295 (Moderate severity) was published Jun 3, 2020 october/october (Composer)
DoS or local data modification via malicious record IDs
CVE-2020-4035 (Moderate severity) was published Jun 3, 2020 @nozbe/watermelondb (npm)
Arbitrary File Read in Snyk Broker
CVE-2020-7652 (Moderate severity) was published Jun 3, 2020 snyk-broker (npm)
Arbitrary File Read in Snyk Broker
CVE-2020-7653 (Moderate severity) was published Jun 3, 2020 snyk-broker (npm)
Arbitrary File Read in Snyk Broker
CVE-2020-7648 (Moderate severity) was published Jun 3, 2020 snyk-broker (npm)
Arbitrary File Read in Snyk Broker
CVE-2020-7650 (Low severity) was published Jun 3, 2020 snyk-broker (npm)
Information Exposure in Snyk Broker
CVE-2020-7654 (Moderate severity) was published Jun 3, 2020 snyk-broker (npm)
Arbitrary File Read in Snyk Broker
CVE-2020-7651 (Moderate severity) was published Jun 3, 2020 snyk-broker (npm)
Potential Cross Site Scripting
CVE-2020-11082 (Moderate severity) was published May 28, 2020 kaminari (RubyGems)
command injection fix
CVE-2020-11079 (High severity) was published May 28, 2020 dns-sync (npm)
aegir publish may leak secrets in environment variables
CVE-2020-11059 (Critical severity) was published May 27, 2020 aegir (npm)
2020-05-26 Insufficient output escaping of attachment names
CVE-2020-13625 (Low severity) was published May 27, 2020 phpmailer/phpmailer (Composer)
Ability to forge per-form CSRF tokens in Rails
CVE-2020-8166 (Low severity) was published May 26, 2020 actionpack (RubyGems)
Possible Strong Parameters Bypass in ActionPack
CVE-2020-8164 (Moderate severity) was published May 26, 2020 actionpack (RubyGems)
Circumvention of file size limits in ActiveStorage
CVE-2020-8162 (Low severity) was published May 26, 2020 activestorage (RubyGems)
Unintended unmarshalling in ActiveSupport
CVE-2020-8165 (High severity) was published May 26, 2020 activesupport (RubyGems)
Private key leak in Apache CXF
CVE-2019-12423 (Moderate severity) was published May 22, 2020 org.apache.cxf:apache-cxf (Maven)
HTTP Smuggling via Transfer-Encoding Header
CVE-2020-11077 (Moderate severity) was published May 22, 2020 puma (RubyGems)
HTTP Smuggling via Transfer-Encoding Header
CVE-2020-11076 (High severity) was published May 22, 2020 puma (RubyGems)
Information disclosure issue in Active Resource
CVE-2020-8151 (Moderate severity) was published May 21, 2020 activeresource (RubyGems)
ProTip! Advisories are also available from the GraphQL API.