Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
Find out if you have vulnerabilities that put you at risk Test your code
Show:
Report a new vulnerability
Vulnerability Affects Type Published
  • H
Deserialization of Untrusted Data 		com.fasterxml.jackson.core:jackson-databind [,2.8.11.5),[2.9.0,2.9.10.3) Maven 11 Feb, 2020
  • M
Cross-site Scripting (XSS) 		org.keycloak:keycloak-server-spi-private [,8.0.2) Maven 11 Feb, 2020
  • H
Insecure Randomness 		org.webjars.bower:crypto-js [0,] Maven 11 Feb, 2020
  • H
Insecure Randomness 		org.webjars.bowergithub.brix:crypto-js [0,] Maven 11 Feb, 2020
  • H
Insecure Randomness 		org.webjars.npm:crypto-js [0,] Maven 11 Feb, 2020
  • H
Insecure Randomness 		crypto-js <3.2.1 npm 11 Feb, 2020
  • M
Remote Code Execution (RCE) 		net.sourceforge.htmlunit:htmlunit [,2.37.0) Maven 11 Feb, 2020
  • M
Prototype Pollution 		@hapi/hoek <8.5.1,>=9.0.0 <9.0.3 npm 11 Feb, 2020
  • H
Denial of Service (DoS) 		github.com/hashicorp/consul/agent <1.6.3 Go 10 Feb, 2020
  • H
Denial of Service (DoS) 		github.com/hashicorp/consul/agent/consul <1.6.3 Go 10 Feb, 2020
  • M
Denial of Service (DoS) 		github.com/revel/revel >=0.0.0 Go 10 Feb, 2020
  • H
Cross Site Scripting (XSS) 		sockjs <0.3.0 npm 10 Feb, 2020
  • L
Improper Input Validation 		script-manager >=0.8.6 <0.9.0 npm 07 Feb, 2020
  • H
Malicious Package 		omniauth-weibo-oauth2 >=0.4.6, <0.5.0 RubyGems 07 Feb, 2020
  • H
Cross Site Scripting (XSS) 		dojox >=1.16.0 <1.16.1,>=1.15.0 <1.15.2,>=1.4.0 <1.14.5,>=1.13.0 <1.13.6,>=1.12.0 <1.12.7,<1.11.9 npm 07 Feb, 2020
  • M
Cross-site Scripting (XSS) 		ezsystems/ezfind-ls >=5.4.0, <5.4.11.1,>=5.3.0, <5.3.6.1 Composer 06 Feb, 2020
  • M
Improper Validation 		ezsystems/ezplatform >=1.13.0, <1.13.5.1,>=2.5.0, <2.5.4,>=1.7.0, <1.7.9.1 Composer 06 Feb, 2020
  • L
Cross-site Request Forgery (CSRF) 		ezsystems/ezplatform >=2.5.0, <2.5.4 Composer 06 Feb, 2020
  • M
Insecure Configuration 		ezsystems/ezplatform >=1.13.0, <1.13.5.1,>=2.5.0, <2.5.4,>=1.7.0, <1.7.9.1 Composer 06 Feb, 2020
  • M
Brute Force 		ezsystems/ezplatform-admin-ui >=1.4.0, <1.4.6 Composer 06 Feb, 2020
  • M
Brute Force 		ezsystems/ezplatform-user >=1.0.0, <1.0.1 Composer 06 Feb, 2020
  • H
Command Injection 		promise-probe <0.10.0 npm 06 Feb, 2020
  • L
Improper Verification of Cryptographic Signature 		tuf [,0.12.2) pip 05 Feb, 2020
  • H
Internal Property Tampering 		taffy * npm 05 Feb, 2020
  • H
Command Injection 		curling * npm 05 Feb, 2020
  • H
Unauthorised File Access 		harp * npm 05 Feb, 2020
  • H
Cross-site Scripting (XSS) 		silverstripe/admin >=1.0.3, <1.0.4,>=1.1.0, <1.1.1 Composer 05 Feb, 2020
  • M
Session Hijacking 		silverstripe/framework >=3.5.0, <3.5.6,>=3.6.0, <3.6.3 Composer 05 Feb, 2020
  • L
Improper Restriction of Excessive Authentication Attempts 		silverstripe/framework >=3.1.18, <3.1.19,>=3.2.3, <3.2.4,>=3.3.1, <3.3.2 Composer 05 Feb, 2020
  • H
Unrestricted Upload 		silverstripe/framework >=3.6.5, <3.6.6,>=4.0.3, <4.0.4,>=4.1.0, <4.1.1 Composer 05 Feb, 2020