Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
Find out if you have vulnerabilities that put you at risk Test your code
Show:
Report a new vulnerability
Vulnerability Affects Type Published
  • H
Man-in-the-Middle (MitM) 		em-http-request >=0.0.0 RubyGems 26 May, 2020
  • H
Cross-site Scripting (XSS) 		schinckel/django-jsonfield [,1.0.1) pip 25 May, 2020
  • H
Remote Code Execution (RCE) 		jw.util [0,] pip 24 May, 2020
  • H
Information Exposure 		github.com/helm/helm/pkg/action >=3.1.0 <3.1.3 Go 24 May, 2020
  • M
HTTP Request Smuggling 		puma <3.12.5,>=4.0.0, <4.3.4 RubyGems 22 May, 2020
  • M
HTTP Request Smuggling 		puma <3.12.6,>=4.0.0, <4.3.5 RubyGems 22 May, 2020
  • H
Command Injection 		org.apache.kylin:kylin-core-common [2.3.0, 2.3.2),[2.4.0, 2.4.1),[2.5.0, 2.5.2),[2.6.0, 2.6.5) Maven 22 May, 2020
  • M
Information Disclosure 		github.com/hashicorp/vault/command >=1.3.0 <1.3.6,>=1.4.0 <1.4.2 Go 22 May, 2020
  • H
Deserialization of Untrusted Data 		org.jodd:jodd-json [,5.0.4) Maven 22 May, 2020
  • H
Arbitrary Code Execution 		moodle/moodle >=3.8.0, <3.8.3,>=3.7.0, <3.7.6,>=3.6.0, <3.6.10,>=3.5.0, <3.5.12 Composer 22 May, 2020
  • M
Open Redirect 		drupal/core >=7.0.0, <7.70 Composer 22 May, 2020
  • M
Cross-site Scripting (XSS) 		drupal/core >=7.0.0, <7.70,>=8.0.0, <8.1.0,>=8.1.0, <8.2.0,>=8.2.0, <8.3.0,>=8.3.0, <8.4.0,>=8.4.0, <8.5.0,>=8.5.0, <8.6.0,>=8.6.0, <8.7.0,>=8.7.0, <8.7.14,>=8.8.0, <8.8.6 Composer 22 May, 2020
  • M
Timing Attack 		github.com/coyim/otr3 * Go 22 May, 2020
  • M
Improper Input Validation 		github.com/hashicorp/vault-plugin-secrets-gcp/plugin <0.6.2 Go 22 May, 2020
  • M
Cryptographic Weakness 		org.springframework.security:spring-security-crypto [5.3.0.RELEASE, 5.3.2.RELEASE),[5.2.0.RELEASE, 5.2.4.RELEASE),[5.1.0.RELEASE, 5.1.10.RELEASE),[5.0.0.RELEASE, 5.0.16.RELEASE),[4.2.0.RELEASE, 4.2.16.RELEASE) Maven 22 May, 2020
  • M
Cryptographic Weakness 		org.springframework.security:spring-security-core [5.3.0.RELEASE, 5.3.2.RELEASE),[5.2.0.RELEASE, 5.2.4.RELEASE),[5.1.0.RELEASE, 5.1.10.RELEASE),[5.0.0.RELEASE, 5.0.16.RELEASE),[4.2.0.RELEASE, 4.2.16.RELEASE) Maven 22 May, 2020
  • M
Signature Validation Bypass 		electron-updater * npm 21 May, 2020
  • H
Privilege Escalation 		net.sf.jasperreports:jasperreports [0,] Maven 21 May, 2020
  • H
Cross-site Scripting (XSS) 		markdown-to-jsx <6.11.4 npm 21 May, 2020
  • H
Cross-site Scripting (XSS) 		org.webjars.npm:markdown-to-jsx [0,] Maven 21 May, 2020
  • L
Insecure Configuration 		vega-embed <6.7.0 npm 21 May, 2020
  • L
Insecure Configuration 		org.webjars.npm:vega-embed [0,] Maven 21 May, 2020
  • L
Insecure Configuration 		org.webjars.bower:vega-embed [0,] Maven 21 May, 2020
  • H
Privilege Escalation 		github.com/kata-containers/runtime/virtcontainers <1.11.0 Go 21 May, 2020
  • H
Cross-site Scripting (XSS) 		dolibarr/dolibarr >=0.0.0 Composer 21 May, 2020
  • H
Arbitrary File Upload 		dolibarr/dolibarr >=0.0.0 Composer 21 May, 2020
  • H
Arbitrary Command Execution 		centreon/centreon <19.4.15 Composer 21 May, 2020
  • H
HTML Injection 		net.sf.jasperreports:jasperreports [0,] Maven 21 May, 2020
  • H
Denial of Service (DoS) 		github.com/go-gitea/gitea <1.12.0-rc1 Go 21 May, 2020
  • H
Arbitrary File Upload 		microweber/microweber >=0.0.0 Composer 21 May, 2020