Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
| Severity | Vulnerability | Affects | Type | Published |
|---|---|---|---|---|
| H | Man-in-the-Middle (MitM) | em-http-request >=0.0.0 | RubyGems | 26 May, 2020 |
| H | Cross-site Scripting (XSS) | schinckel/django-jsonfield [,1.0.1) | pip | 25 May, 2020 |
| H | Remote Code Execution (RCE) | jw.util [0,] | pip | 24 May, 2020 |
| H | Information Exposure | github.com/helm/helm/pkg/action >=3.1.0 <3.1.3 | Go | 24 May, 2020 |
| M | HTTP Request Smuggling | puma <3.12.5,>=4.0.0, <4.3.4 | RubyGems | 22 May, 2020 |
| M | HTTP Request Smuggling | puma <3.12.6,>=4.0.0, <4.3.5 | RubyGems | 22 May, 2020 |
| H | Command Injection | org.apache.kylin:kylin-core-common [2.3.0, 2.3.2),[2.4.0, 2.4.1),[2.5.0, 2.5.2),[2.6.0, 2.6.5) | Maven | 22 May, 2020 |
| M | Information Disclosure | github.com/hashicorp/vault/command >=1.3.0 <1.3.6,>=1.4.0 <1.4.2 | Go | 22 May, 2020 |
| H | Deserialization of Untrusted Data | org.jodd:jodd-json [,5.0.4) | Maven | 22 May, 2020 |
| H | Arbitrary Code Execution | moodle/moodle >=3.8.0, <3.8.3,>=3.7.0, <3.7.6,>=3.6.0, <3.6.10,>=3.5.0, <3.5.12 | Composer | 22 May, 2020 |
| M | Open Redirect | drupal/core >=7.0.0, <7.70 | Composer | 22 May, 2020 |
| M | Cross-site Scripting (XSS) | drupal/core >=7.0.0, <7.70,>=8.0.0, <8.1.0,>=8.1.0, <8.2.0,>=8.2.0, <8.3.0,>=8.3.0, <8.4.0,>=8.4.0, <8.5.0,>=8.5.0, <8.6.0,>=8.6.0, <8.7.0,>=8.7.0, <8.7.14,>=8.8.0, <8.8.6 | Composer | 22 May, 2020 |
| M | Timing Attack | github.com/coyim/otr3 * | Go | 22 May, 2020 |
| M | Improper Input Validation | github.com/hashicorp/vault-plugin-secrets-gcp/plugin <0.6.2 | Go | 22 May, 2020 |
| M | Cryptographic Weakness | org.springframework.security:spring-security-crypto [5.3.0.RELEASE, 5.3.2.RELEASE),[5.2.0.RELEASE, 5.2.4.RELEASE),[5.1.0.RELEASE, 5.1.10.RELEASE),[5.0.0.RELEASE, 5.0.16.RELEASE),[4.2.0.RELEASE, 4.2.16.RELEASE) | Maven | 22 May, 2020 |
| M | Cryptographic Weakness | org.springframework.security:spring-security-core [5.3.0.RELEASE, 5.3.2.RELEASE),[5.2.0.RELEASE, 5.2.4.RELEASE),[5.1.0.RELEASE, 5.1.10.RELEASE),[5.0.0.RELEASE, 5.0.16.RELEASE),[4.2.0.RELEASE, 4.2.16.RELEASE) | Maven | 22 May, 2020 |
| M | Signature Validation Bypass | electron-updater * | npm | 21 May, 2020 |
| H | Privilege Escalation | net.sf.jasperreports:jasperreports [0,] | Maven | 21 May, 2020 |
| H | Cross-site Scripting (XSS) | markdown-to-jsx <6.11.4 | npm | 21 May, 2020 |
| H | Cross-site Scripting (XSS) | org.webjars.npm:markdown-to-jsx [0,] | Maven | 21 May, 2020 |
| L | Insecure Configuration | vega-embed <6.7.0 | npm | 21 May, 2020 |
| L | Insecure Configuration | org.webjars.npm:vega-embed [0,] | Maven | 21 May, 2020 |
| L | Insecure Configuration | org.webjars.bower:vega-embed [0,] | Maven | 21 May, 2020 |
| H | Privilege Escalation | github.com/kata-containers/runtime/virtcontainers <1.11.0 | Go | 21 May, 2020 |
| H | Cross-site Scripting (XSS) | dolibarr/dolibarr >=0.0.0 | Composer | 21 May, 2020 |
| H | Arbitrary File Upload | dolibarr/dolibarr >=0.0.0 | Composer | 21 May, 2020 |
| H | Arbitrary Command Execution | centreon/centreon <19.4.15 | Composer | 21 May, 2020 |
| H | HTML Injection | net.sf.jasperreports:jasperreports [0,] | Maven | 21 May, 2020 |
| H | Denial of Service (DoS) | github.com/go-gitea/gitea <1.12.0-rc1 | Go | 21 May, 2020 |
| H | Arbitrary File Upload | microweber/microweber >=0.0.0 | Composer | 21 May, 2020 |