Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9,025 advisories

Loading
Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool Moderate
CVE-2011-1948 was published for Plone (pip) Jul 23, 2018
Moderate severity vulnerability that affects Products.PlonePAS Moderate
CVE-2009-0662 was published for Products.PlonePAS (pip) Jul 23, 2018
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink Moderate
CVE-2014-5003 was published for ciborg (RubyGems) Jul 23, 2018
Invalid Curve Attack in node-jose Moderate
CVE-2017-16007 was published for node-jose (npm) Jul 20, 2018
tdunlap607
Open Redirect in hekto Moderate
CVE-2018-3743 was published for hekto (npm) Jul 18, 2018
Cross-site Scripting (XSS) - Stored in crud-file-server Moderate
CVE-2018-3726 was published for crud-file-server (npm) Jul 18, 2018
Information Exposure on Case Insensitive File Systems in serve Moderate
CVE-2018-3809 was published for serve (npm) Jul 18, 2018
Pysaml2 improperly initializes encryption vector Moderate
CVE-2017-1000246 was published for pysaml2 (pip) Jul 16, 2018
zmthy
django-epiceditor vulnerable to XSS in form field Moderate
CVE-2017-6591 was published for django-epiceditor (pip) Jul 13, 2018
python-fedora vulnerable to an open redirect resulting in loss of CSRF protection Moderate
CVE-2017-1002150 was published for python-fedora (pip) Jul 13, 2018
markdown2 is vulnerable to cross-site scripting Moderate
CVE-2018-5773 was published for markdown2 (pip) Jul 12, 2018
woodruffw
Plone Sandbox Escape Moderate
CVE-2017-5524 was published for Plone (pip) Jul 12, 2018
Incorrect handling of CORS preflight request headers in hapi Moderate
CVE-2015-9236 was published for hapi (npm) Jun 7, 2018
Sinatra Cross-site Scripting vulnerability Moderate
CVE-2018-11627 was published for sinatra (RubyGems) Jun 5, 2018
Cross-Site Scripting in @ckeditor/ckeditor5-link Moderate
CVE-2018-11093 was published for @ckeditor/ckeditor5-link (npm) May 23, 2018
tdunlap607
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2018-3741 was published for rails-html-sanitizer (RubyGems) Apr 26, 2018
Cross-Site Scripting in @risingstack/protect Moderate
CVE-2018-1000160 was published for @risingstack/protect (npm) Apr 25, 2018
Uncontrolled resource consumption in nokogiri Moderate
CVE-2017-18258 was published for nokogiri (RubyGems) Apr 13, 2018
Cross-site Scripting in loofah Moderate
CVE-2018-8048 was published for loofah (RubyGems) Mar 21, 2018
tdunlap607
Doorkeeper is vulnerable to stored XSS and code execution Moderate
CVE-2018-1000088 was published for doorkeeper (RubyGems) Mar 13, 2018
tdunlap607
http vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2015-1828 was published for http (RubyGems) Mar 13, 2018
rack-protection gem timing attack vulnerability when validating CSRF token Moderate
CVE-2018-1000119 was published for rack-protection (RubyGems) Mar 7, 2018
Regular Expression Denial of Service in ssri Moderate
CVE-2018-7651 was published for ssri (npm) Mar 7, 2018
rails_admin ruby gem XSS Moderate
CVE-2017-12098 was published for rails_admin (RubyGems) Mar 5, 2018
Insight API transaction broadcast endpoint can result in Full Path Disclosure Moderate
CVE-2018-1000023 was published for insight-api (npm) Mar 5, 2018
ProTip! Advisories are also available from the GraphQL API