|
Remote Code Execution (RCE)
|
facade/ignition
<2.5.2
|
Composer
|
13 Jan, 2021
|
|
Cross-site Scripting (XSS)
|
rails_admin
<1.4.3,>=2.0.0, <2.0.2
|
RubyGems
|
13 Jan, 2021
|
|
Cross-site Request Forgery (CSRF)
|
jupyterhub
[0,]
|
pip
|
13 Jan, 2021
|
|
Insecure Permissions
|
github.com/openshift/machine-config-operator/pkg/server
*
|
Go
|
12 Jan, 2021
|
|
Regular Expression Denial of Service (ReDoS)
|
glob-parent
*
|
npm
|
12 Jan, 2021
|
|
Regular Expression Denial of Service (ReDoS)
|
org.webjars.npm:glob-parent
[0,]
|
Maven
|
12 Jan, 2021
|
|
Regular Expression Denial of Service (ReDoS)
|
org.webjars.bowergithub.es128:glob-parent
[0,]
|
Maven
|
12 Jan, 2021
|
|
Improper Certificate Validation
|
node-sass
>=2.0.0 <4.14.1
|
npm
|
12 Jan, 2021
|
|
Improper Certificate Validation
|
org.webjars.npm:node-sass
[0,]
|
Maven
|
12 Jan, 2021
|
|
Improper Authentication
|
com.alibaba.nacos:nacos-config
[0,)
|
Maven
|
12 Jan, 2021
|
|
Heap-based Buffer Overflow
|
pillow
[6.0.0,8.0.1)
|
pip
|
12 Jan, 2021
|
|
Cross-site Scripting (XSS)
|
redcarpet
<3.5.1
|
RubyGems
|
12 Jan, 2021
|
|
Cross-site Request Forgery (CSRF)
|
forkcms/forkcms
<5.8.3
|
Composer
|
11 Jan, 2021
|
|
Race Condition
|
org.netbeans.html:webkit
[,1.7.1)
|
Maven
|
11 Jan, 2021
|
|
Authentication Bypass
|
proxy.py
[,2.3.1)
|
pip
|
11 Jan, 2021
|
|
Deserialization of Untrusted Data
|
com.caucho:hessian
[2.5.0, 2.6.9),[2.7.0, 2.7.8)
|
Maven
|
11 Jan, 2021
|
|
Improper Input Validation
|
github.com/gogo/protobuf/plugin/unmarshal
<1.3.2
|
Go
|
11 Jan, 2021
|
|
Cross-site Request Forgery (CSRF)
|
flask-security-too
[3.3.0, 3.4.5)
|
pip
|
10 Jan, 2021
|
|
Information Exposure
|
sylius/sylius
<1.3.16,>=1.4.0, <1.4.12,>=1.5, <1.5.9,>=1.6.0, <1.6.5
|
Composer
|
10 Jan, 2021
|
|
Open Redirect
|
github.com/pterodactyl/wings/router/downloader
<1.2.3
|
Go
|
10 Jan, 2021
|
|
Denial of Service (DoS)
|
socket.io-parser
<3.3.2,>3.4.0 <3.4.1
|
npm
|
08 Jan, 2021
|
|
Denial of Service (DoS)
|
org.webjars.npm:socket.io-parser
[,3.4.1)
|
Maven
|
08 Jan, 2021
|
|
Denial of Service (DoS)
|
engine.io
<4.0.0
|
npm
|
08 Jan, 2021
|
|
Denial of Service (DoS)
|
org.webjars.npm:engine.io
[0,]
|
Maven
|
08 Jan, 2021
|
|
Denial of Service (DoS)
|
org.webjars.bower:engine.io
[0,]
|
Maven
|
08 Jan, 2021
|
|
Command Injection
|
ts-process-promises
*
|
npm
|
08 Jan, 2021
|
|
Command Injection
|
buns
*
|
npm
|
08 Jan, 2021
|
|
Insecure Defaults
|
socket.io
<2.4.0
|
npm
|
07 Jan, 2021
|
|
Insecure Defaults
|
org.webjars.npm:socket.io
[0,]
|
Maven
|
07 Jan, 2021
|
|
Insecure Defaults
|
org.webjars.bower:socket.io
[0,]
|
Maven
|
07 Jan, 2021
|