Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

83 advisories

Loading
CRLF Injection in pypiserver Moderate
CVE-2019-6802 was published for pypiserver (pip) Jan 30, 2019
tdunlap607
Twisted CRLF Injection Moderate
CVE-2019-12387 was published for twisted (pip) Jun 10, 2019
field_test gem contains injection vulnerability Moderate
CVE-2019-13146 was published for field_test (RubyGems) Jul 16, 2019
Invenio-App vulnerable to host header injection attack Moderate
CVE-2019-1020006 was published for invenio-app (pip) Jul 16, 2019
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria Moderate
GHSA-35fr-h7jr-hh86 was published for com.linecorp.armeria:armeria (Maven) Dec 6, 2019
JLLeitschuh
HTTP Response Splitting in Styx Moderate
CVE-2020-6858 was published for com.hotels.styx:styx-api (Maven) Mar 3, 2020
JLLeitschuh
HTTP Response Splitting (Early Hints) in Puma Moderate
CVE-2020-5249 was published for puma (RubyGems) Mar 3, 2020
CSS Injection in Chartkick gem Moderate
CVE-2020-16254 was published for chartkick (RubyGems) Aug 12, 2020
Remote Code Execution in Red Discord Bot Moderate
CVE-2020-15140 was published for Red-DiscordBot (pip) Aug 21, 2020
douglascdev
HTML Injection in preact Moderate
GHSA-cg48-9hh2-x6mx was published for preact (npm) Sep 2, 2020
Contao Insert tag injection in forms Moderate
CVE-2020-25768 was published for contao/contao (Composer) Sep 24, 2020
Injection/XSS in Redcarpet Moderate
CVE-2020-26298 was published for redcarpet (RubyGems) Jan 11, 2021
Authenticated remote code execution Moderate
GHSA-pjj4-jjgc-h3r8 was published for shopware/platform (Composer) Mar 12, 2021
HTML injection in email and account expiry notifications Moderate
CVE-2021-21333 was published for matrix-synapse (pip) Mar 26, 2021
Mautic vulnerable to secret data exfiltration via symfony parameters Moderate
CVE-2021-27908 was published for mautic/core (Composer) Apr 6, 2021
Gregy fedys
Injection in bodymen Moderate
CVE-2019-10792 was published for bodymen (npm) Apr 13, 2021
File upload local preview can run embedded scripts after user interaction Moderate
GHSA-8796-gc9j-63rv was published for matrix-react-sdk (npm) May 17, 2021
MR-ZHEEV
Command injection in Apache Flink Moderate
CVE-2020-1960 was published for org.apache.flink:flink-core (Maven) May 21, 2021
CRLF injection in urllib3 Moderate
CVE-2020-26137 was published for urllib3 (pip) Jun 18, 2021
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3 Moderate
CVE-2021-21303 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
CRLF vulnerability in Fiber Moderate
CVE-2020-15111 was published for github.com/gofiber/fiber (Go) Jun 29, 2021
hsblhsn abdshaleh
Injection in MockServer Moderate
CVE-2021-32827 was published for org.mock-server:mockserver (Maven) Aug 30, 2021
Header injection in nodemailer Moderate
CVE-2021-23400 was published for nodemailer (npm) Dec 10, 2021
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through Moderate
CVE-2021-43818 was published for lxml (pip) Dec 13, 2021
pwntester
vault-cli contains possible RCE when reading user-defined data Moderate
CVE-2021-43837 was published for vault-cli (pip) Dec 16, 2021
ewjoachim
ProTip! Advisories are also available from the GraphQL API