Vulnerabilities we've disclosed
GitHub Security Lab researchers find vulnerabilities in key, widely-used open source projects. We then coordinate the disclosure of those vulnerabilities to security teams at those projects. We only publish vulnerabilities here after they’ve been announced by the affected projects' development teams and patches are available. See our disclosure policy below for more information.
GHSL-2021-062: Command injection in @thi.ng/egf - CVE-2021-21412
The gpg method has a command injection vulnerability. Clients of the @thi.ng/egf library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
GHSL-2021-060: Command injection in @prisma/sdk - CVE-2021-21414
The getPackedPackage method has a command injection vulnerability. Clients of the @prisma/sdk library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
GHSL-2021-024: Reflected Cross Site Scripting in eta
A misuse of the ExpressJS render API can lead to insecure behaviours from Cross Site Scripting (XSS) to Remote code execution (RCE)
GHSL-2021-022: Remote code execution in whiskers
A misuse of the ExpressJS render API can lead to insecure behaviours from Cross Site Scripting (XSS) to Remote code execution (RCE)
GHSL-2021-021: Remote code execution in ejs
A misuse of the ExpressJS render API can lead to insecure behaviours from Cross Site Scripting (XSS) to Remote code execution (RCE)
GHSL-2020-373: Command injection in node-notifier
node-notifier recently addressed a command injection vulnerability with an insufficient fix, so command injection through malicious input is still possible.
GHSL-2020-357: ReDoS (Regular Expression Denial of Service) in amazeui
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-352: ReDoS (Regular Expression Denial of Service) in revalidator
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-350: ReDoS (Regular Expression Denial of Service) in ng2-validation
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-339: Command Injection vulnerability in OMF
A Command Injection vulnerability has been found in Open Modeling Framework (OMF)
GHSL-2020-336: reflected Cross-Site scripting (XSS) in analytics-quarry-web
A reflected Cross-Site scripting (XSS) vulnerability has been found in analytics-quarry-web
GHSL-2020-130: CSRF in mongo-express
Mongo-express uses csurf middleware to protect the application against CSRF attacks. Unfortunately it does so in an incorrect way which leaves mongo-express vulnerable to the attack.
GHSL-2020-372: Unauthorized repository modification or secrets exfiltration in GitHub workflows of 418sec/huntr
The process-disclosure.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2021-050: Unauthenticated arbitrary file read in Jellyfin - CVE-2021-21402
Jellyfin allows unauthenticated arbitrary file read.
GHSL-2021-047: unauthorized repository modification or secrets exfiltration in GitHub workflows of zwavejs2mqtt
The zwave-js-bot.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration.
GHSL-2021-046: Command injection in a GitHub workflow of AmazeFileManager
The android-debug-artifact-ondemand.yml GitHub workflow is vulnerable to command injection.
GHSL-2021-044: Command injection in a GitHub workflow of Homebrew/brew
The vendor-gems.yml GitHub workflow is vulnerable to command injection.
GHSL-2021-031: Script injection in a GitHub workflow of hasura/graphql-engine
The shadow-pr.yml GitHub workflow is vulnerable to script injection.
GHSL-2020-131: Remote Code Execution in mongo-express - CVE-2020-24391
Mongo-express uses safer-eval to validate user-supplied JavaScript. Unfortunately safer-eval's sandboxing capabilities are easily bypassed, leading to RCE in the context of the node server.
GHSL-2020-050: Arbitrary code execution in Pebble Templates
When Spring integration is enabled, an attacker that is able to modify Template contents may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container.
GHSL-2020-021: Bypass input sanitization of EL expressions in Eclipse-EE4J
A bug in the `ELParserTokenManager` enables invalid EL expressions to be evaluated as if they were valid, enabling attackers to bypass input sanitization.
GHSL-2021-052: Potential local Denial of Service in systemd
There is an infinite loop in systemd-ask-password, due to an integer overflow in an error handling code path. The bug can be triggered by entering an invalid Unicode character followed by backspace.
GHSL-2021-049: Type confusion vulnerability in the varlink interface of systemd-resolved
There is a potential type confusion vulnerability in the varlink interface of systemd-resolved. This is due to the userdata field of the Varlink struct being used to store two unrelated datatypes: Manager and DnsQuery.
GHSL-2021-045: Integer Overflow in GLib - CVE-2021-27219
The function g_bytes_new has an integer overflow due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to a memory corruption vulnerability.
GHSL-2020-358: Regular expression Denial of Service in Schema-Inspector
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-331: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of appsmith
The client.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2020-323: Template injection in a GitHub workflow of geek-cookbook
The 'on-push-master-notify-discord.yml' GitHub workflow is vulnerable to template injection.
GHSL-2020-235: Arbitrary command injection in wayou/turn-issues-to-posts-action
The turn-issues-to-posts action is vulnerable to arbitrary command injection.
GHSL-2020-324: Template injection in a GitHub workflow of koriwi/freedeck-configurator
The 'develop.yml' GitHub workflow is vulnerable to template injection.
GHSL-2020-277: Unauthorized repository modification or secrets exfiltration in GitHub workflows of w3c/aria-practices
The coverage-report.yml and generate-and-commit-files.yml GitHub workflows are vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2020-375: Use-after-free (UaF) in Qualcomm kgsl driver - CVE-2020-11239
Use-after-free in kgsl_ioctl_gpuobj_import and kgsl_ioctl_map_user_mem of the Qualcomm kgsl driver
GHSL-2020-273: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of numworks/epsilon
The metrics-workflow.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2020-167: Use-after-free (UaF) in Chrome AudioHandler - CVE-2020-15972, CVE-2021-21114
UaF in AudioHandler::ProcessIfNecessary
GHSL-2020-166: Use-after-free (UaF) in Chrome PaymentCredential - CVE-2020-16018
UaF in PaymentCredential::DidDownloadFavicon
GHSL-2020-165: Use-after-free (UaF) in Chrome PaymentAppServiceBridge - CVE-2020-16045
UaF in PaymentAppServiceBridge
GHSL-2021-009: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of lijinke666/react-music-player
The surge-preview.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2021-008: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of actions-cool/issue-helper
The surge-preview.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2020-349: ReDoS (Regular Expression Denial of Service) in date-and-time - CVE-2020-26289
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-343: ReDoS (Regular Expression Denial of Service) in Vant
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-314: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of s4u/pgpverify-maven-plugin
The pr.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2020-287: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of jdf2e/nutui
The preview.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2020-270: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of ant-design-colorful
The preview.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2020-269: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of alibaba/hooks
The preview.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2020-268: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of umijs/dumi
The preview.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2020-267: Unauthorized repository modification or secrets exfiltration in GitHub workflows of Antvis repositories
Multiple Antvis GitHub workflows are vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2020-266: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of afc163/surge-preview
The design and promoted usage examples of the afc163/surge-preview GitHub action make the consuming workflows vulnerable to arbitrary code execution. The repository of the afc163/surge-preview GitHub action falls into the same trap and is vulnerable to arbitrary code execution.
GHSL-2020-265: Unauthorized repository modification or secrets exfiltration in GitHub workflows of didi/cube-ui and didi/mand-mobile
The cube-ui/preview.yml and mand-mobile/preview.yml GitHub workflows are vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2020-264: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of youan/vant
The preview.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2020-246: Unauthorized repository modification or secrets exfiltration in GitHub workflows of ant-design
The ant-design/ui.yml, ant-design-pro/preview.yml and pro-components/preview.yml GitHub workflows are vulnerable to arbitrary code execution.
GHSL-2020-048: Remote Code Execution in Apache Velocity - CVE-2020-13936
When Velocity templates are used in the context of a VelocityView an attacker that is able to modify Template contents may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container.
GHSL-2020-359: ReDoS (Regular Expression Denial of Service) in etherpad-lite
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-335: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of libpasta
The ci.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2021-048: Unauthorized repository modification or secrets exfiltration in several GitHub workflows of linebender
The bloat.yml GitHub workflow in linebender/druid, linebender/runebender and linebender/norad is vulnerable to unauthorized modification of the base repository or secrets exfiltration.
GHSL-2021-016: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of Tautulli
The pull-requests.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2020-329: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of Automattic/jetpack
The dangerci.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
GHSL-2020-228: Weak JSON Web Token (JWT) signing secret in YApi - CVE-2021-27884
A weak random number generator is used to sign JSON Web Tokens (JWT).
GHSL-2020-199: Open redirect vulnerability in Slashify - CVE-2021-3189
Open redirect in Slashify
GHSL-2020-197: Open redirect vulnerability in Ghost
Ghost may be vulnerable to Open redirect attacks
GHSL-2021-030: ReDoS (Regular Expression Denial of Service) in CodeMirror
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2021-017: Command injection in teal-language/tl workflow
The playground.yml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2021-015: Command injection in a2o/snoopy workflow
The code-qa-sonarcloud.yml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2021-014: Command injection in benjamin-maynard/kubernetes-cloud-mysql-backup workflow
A GitHub workflow in the benjamin-maynard/kubernetes-cloud-mysql-backup repository is vulnerable to arbitrary command injection.
GHSL-2021-013: Command injection in pythonpune/meetup-talks workflow
A GitHub workflow in the pythonpune/meetup-talks repository is vulnerable to arbitrary command injection.
GHSL-2021-012: Command injection in alan-turing-institute/binderhub-deploy workflow
A GitHub workflow in the alan-turing-institute/binderhub-deploy repository is vulnerable to arbitrary command injection.
GHSL-2021-011: Command injection in itpp-labs workflows
The DINAR-PORT.yml GitHub workflow in itpp-labs/misc-addons, itpp-labs/website-addons, itpp-labs/access-addons, itpp-labs/l10n-addons, itpp-labs/mail-addons, itpp-labs/pos-addons and itpp-labs/sync-addons repositories is vulnerable to arbitrary command injection.
GHSL-2021-010: Command injection in getsentry/onpremise workflow
The validate-new-issue.yml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2021-007: Arbitrary code execution and shell command injection in dmlc/gluon-nlp workflows
The buildwebsite.yml and unittests-gpu.yml GitHub workflows are vulnerable to arbitrary code execution.
GHSL-2021-006: Arbitrary code execution in Decathlon/vitamin-web workflow
The build-pr.yml GitHub workflow is vulnerable to arbitrary code execution.
GHSL-2021-004: Arbitrary code execution in aeraki workflows
The e2e-thrift.yaml, e2e-dubbo.yaml and e2e-kafka-zookeeper.yaml GitHub workflows are vulnerable to arbitrary code execution.
GHSL-2020-371: Arbitrary code execution in tophat workflows
The GitHub workflows pull-request.yml in multiple branches of tophat/networkjs, tophat/commit-utils, tophat/commit-watch, tophat/sanity-runner and commit-watch.yml in tophat/commit-watch are vulnerable to arbitrary code execution.
GHSL-2020-370: Arbitrary code execution and shell command injection in rhinstaller/anaconda workflows
The validate.yml and kickstart-tests.yml GitHub workflows are vulnerable to arbitrary code execution.
GHSL-2020-369: Arbitrary code execution in nrfconnect/sdk-nrf workflow
The docbuild.yml GitHub workflow is vulnerable to arbitrary code execution.
GHSL-2020-367: Arbitrary code execution in android-password-store/Android-Password-Store workflow
The pull_request.yml GitHub workflow is vulnerable to arbitrary code execution.
GHSL-2020-334: Arbitrary code execution in gsantner workflows
The gsantner/markor build-android-project.yml, gsantner/memetastic build-android-project.yml and gsantner/dandelion link-validator.yml GitHub workflows are vulnerable to arbitrary code execution.
GHSL-2020-333: Arbitrary code execution in osohq/oso workflow
The bench.yml GitHub workflow is vulnerable to arbitrary code execution.
GHSL-2020-332: Arbitrary code execution in a2o/snoopy workflow
The code-qa-sonarcloud.yml GitHub workflow is vulnerable to arbitrary code execution.
GHSL-2020-328: Arbitrary code execution in GoogleCloudPlatform/microservices-demo workflow
The ci-pr.yaml GitHub workflow is vulnerable to arbitrary code execution.
GHSL-2020-327: Arbitrary code execution in dmlc/gluon-cv workflow
The ci.yml GitHub workflow is vulnerable to arbitrary code execution.
GHSL-2020-319: Arbitrary code execution in pangeo-data/climpred workflows
The climpred_installs.yml and climpred_testing.yml GitHub workflows in multiple branches are vulnerable to arbitrary code execution.
GHSL-2020-316: Arbitrary code execution in indico/newdle workflow
The migration-sql.yml GitHub workflow is vulnerable to arbitrary code execution.
GHSL-2020-280: Arbitrary code execution in deislabs/akri workflows
Multiple workflows are vulnerable to arbitrary code execution.
GHSL-2020-275: Arbitrary code execution in LedgerHQ/ledger-live-desktop workflow
The ci.yml GitHub workflow is vulnerable to arbitrary code execution.
GHSL-2020-274: Arbitrary code execution in v8/v8.dev workflow
The pr-preview.yml GitHub workflow is vulnerable to arbitrary code execution.
GHSL-2020-257: The unsafe handling of symbolic links in an unpacking routine in oras - CVE-2021-21272
The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.
GHSL-2020-245: Arbitrary code execution in strimzi/strimzi-ui workflow
The node-pr-jobs-secure.yml GitHub workflow is vulnerable to arbitrary code execution.
GHSL-2020-244: Arbitrary code execution and shell command injection in nonebot/nonebot2 workflow
The api_docs.yml GitHub workflow is vulnerable to arbitrary code execution and shell command injection.
GHSL-2020-243: Arbitrary code execution in preslavmihaylov/todocheck workflow
The master.yaml GitHub workflow is vulnerable to arbitrary code execution.
GHSL-2020-242: Command injection in telegramdesktop/tdesktop workflow
The user_agent_updater.yml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2020-241: Arbitrary code execution and shell command injection in getsentry/sentry workflow
The acceptance.yml GitHub workflow is vulnerable to arbitrary code execution and shell command injection.
GHSL-2020-240: Command injection in scikit-learn/scikit-learn workflow
The sync_pull_request.yml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2020-239: Command injection in NVIDIA/spark-rapids workflow
The blossom-ci.yml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2020-234: Command injection in DataBiosphere/terra-workspace-manager workflow
The preview-manage.yml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2020-233: Command injection in ONSdigital workflows
The comment.yml and main.yml GitHub workflows are vulnerable to arbitrary command injection.
GHSL-2020-232: Command injection in wireapp/wire-webapp workflow
The test_build_deploy.yml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2020-231: Command injection in graphql-dotnet workflows
The wipcheck.yml GitHub workflow in graphql-dotnet/graphql-dotnet, graphql-dotnet/server, graphql-dotnet/parser and graphql-dotnet/authorization repositories is vulnerable to arbitrary command injection.
GHSL-2020-230: Command injection in aws/aws-sam-cli workflow
The pr_title.yml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2020-229: Command injection in allenevans/set-env workflow
The release.yml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2020-206: Command and template injections in Saagie workflows
GitHub workflows in saagie/technologies, saagie/technologies-plugin and saagie/sdk repositories are vulnerable to arbitrary code execution.
GHSL-2020-198: Path manipulation via Zip entry files (ZipSlip) in adm-zip
Path manipulation via Zip entry files (ZipSlip)
GHSL-2020-195: Arbitrary file write in dd-center/vdb workflow
The submit.yml GitHub workflow is vulnerable to arbitrary file write.
GHSL-2020-194: Command injection in drewmullen/actions-playground workflows
The comment.yml and output_comment.yml GitHub workflows are vulnerable to arbitrary command injection.
GHSL-2020-193: Command injection in Ignitus/Ignitus-client workflow
The pr-preview.yml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2020-191: Command injection in KanCraft/kanColleWidget workflow
The contrib-notice.yml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2020-190: Command injection in fortran-lang/fortran-lang.org workflow
The gen_tweet.yaml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2020-189: Command injection in chocolatey-community/chocolatey-package-requests workflow
The handle-comments.yml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2020-186: Command injection in thomaseizinger/github-action-gitflow-release-workflow
The draft-new-release.yml GitHub workflow is potentially vulnerable to arbitrary command injection.
GHSL-2020-185: Arbitrary code execution in Plugins Verified by Homebridge workflow
The plugin-prechecks.yml GitHub workflow is vulnerable to arbitrary code execution.
GHSL-2020-184: Command injection in bdougie/awesome-black-developers workflow
The readme.yml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2020-182: Code injection in JonathanGin52/JonathanGin52 workflow
The connect4.yml GitHub workflow is vulnerable to arbitrary code injection.
GHSL-2020-171: Command injection in arduino/arduino-cli workflow
The jira-issue.yaml GitHub workflow is vulnerable to arbitrary command injection.
GHSL-2020-150: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in china-live/QQConnect
QQConnect is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS).
GHSL-2020-148: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in anjoy8/ChristDDD
ChristDDD is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS).
GHSL-2020-147: Cross-Site Request Forgery (CSRF) in Sustainsys/Saml2
Saml2 is vulnerable to a Cross-Site Request Forgery (CSRF) that may lead to per-user denial of service (DoS).
GHSL-2020-146: Arbitrary file overwrite, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in dotnet-architecture/eShopOnWeb
eShopOnWeb is vulnerable to an Arbitrary File Overwrite, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges, per-user denial of service (DoS) and Remote Code Execution (RCE).
GHSL-2020-308: ReDoS (Regular Expression Denial of Service) in TinyMCE
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-299: ReDoS (Regular Expression Denial of Service) in simple-markdown
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-294: ReDoS (Regular Expression Denial of Service) in jquery.validation - CVE-2021-21252
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-214_223: 10 CVEs in OneDev ranging from pre-auth Remote Code Execution (RCE) to Arbitrary File Read/Write
Multiple vulnerabilities were found in the OneDev project ranging from pre-auth Remote Code Execution (RCE) to Arbitrary File Read/Write
GHSL-2020-201: Prototype pollution in theia/plugin-ext
Prototype pollution in mergeContents and parseConfigurationData functions.
GHSL-2020-160: Prototype pollution in Merge-deep
Merge-deep actively attempts to prevent prototype pollution by blocking object property merges into __proto__, however it still allows for prototype pollution of Object.prototype via a constructor payload.
GHSL-2020-070: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Apache OfBiz
Apache OfBiz is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE)
GHSL-2020-067: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Apache OfBiz
Apache OfBiz is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE)
GHSL-2020-066: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Apache OfBiz
Apache OfBiz is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE)
GHSL-2020-311: Regular Expression Denial of Service in SquadCal
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-309: Regular Expression Denial of Service in Fast-csv - CVE-2020-26256
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-307: Regular Expression Denial of Service in CodeMirror
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-306: Regular Expression Denial of Service in highlight.js
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-300: Regular Expression Denial of Service in markdown-to-jsx
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-298: Regular Expression Denial of Service in Metro-UI-CSS
The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
GHSL-2020-262: Unsafe handling of symbolic links in go-slug unpacking routine - CVE-2020-29529
The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.
GHSL-2020-261: Unsafe handling of symbolic links in oc unpacking routine - CVE-2020-27833
The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.
GHSL-2020-256: Unsafe handling of symbolic links in dbdeployer unpacking routine - CVE-2020-26277
The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.
GHSL-2020-252: Unsafe handling of symbolic links in archiver unpacking routine
The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.
GHSL-2020-213: Server-Side Template Injection in BrowserUp Proxy - CVE-2020-26282
A Server-Side Template Injection was identified in BrowserUp Proxy enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability.
GHSL-2020-330: Unauthorized repository modification or secrets exfiltration in two akka repositories
Two GitHub workflows of alpakka-kafka and akka-grpc are vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-320: Unauthorized repository modification or secrets exfiltration in illright/attractions repository
A GitHub workflow of illright/attractions is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-318: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of popsim-consortium/stdpopsim
A GitHub workflow of popsim-consortium/stdpopsim is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-317: Unauthorized repository modification or secrets exfiltration in gpuweb/cts repository
A GitHub workflow of gpuweb/cts is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-315: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of rux616/karabiner-windows-mode
A GitHub workflow of rux616/karabiner-windows-mode is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-288: Unauthorized repository modification or secrets exfiltration in GitHub workflows consuming awslabs/one-line-scan
The design and promoted usage examples of awslabs/one-line-scan make consuming workflows vulnerable to arbitrary code execution
GHSL-2020-286: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of PureStake/moonbeam
A GitHub workflow of PureStake/moonbeam is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-285: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of cloudevents/sdk-ruby
A GitHub workflow of cloudevents/sdk-ruby is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-284: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of dazuma/toys
A GitHub workflow of dazuma/toys is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-283: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of GoogleCloudPlatform/functions-framework-ruby
A GitHub workflow of GoogleCloudPlatform/functions-framework-ruby is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-282: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of open-telemetry/opentelemetry-ruby
A GitHub workflow of open-telemetry/opentelemetry-ruby is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-281: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of tskit-dev/msprime
A GitHub workflow of tskit-dev/msprime is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-279: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of is-a-dev/register
A GitHub workflow of is-a-dev/register is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-278: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of stm32-rs/stm32-rs
A GitHub workflow of stm32-rs/stm32-rs is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-276: Unauthorized repository modification or secrets exfiltration in nuxt repositories
Two GitHub workflows of nuxt/create-nuxt-app and nuxt/modules are vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-272: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of lampepfl/dotty
A GitHub workflow of lampepfl/dotty is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-271: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of openzfs/zfs
A GitHub workflow of openzfs/zfs is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
GHSL-2020-249: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of aws/amazon-chime-sdk-js
A GitHub workflow of aws/amazon-chime-sdk-js is vulnerable to arbitrary code execution
GHSL-2020-248: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of rism-ch/verovio
A GitHub workflow of rism-ch/verovio is vulnerable to arbitrary code execution
GHSL-2020-247: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of redwoodjs/redwood
A GitHub workflow of redwoodjs/redwood is vulnerable to arbitrary code execution
GHSL-2020-205: Remote Code Execution in Apache Struts 2 - S2-061 - CVE-2020-17530
Double evaluation of Struts tag dynamic attributes leads to Remote Code Execution
GHSL-2020-192, GHSL-2020-196: File existence disclosure in aptdaemon - CVE-2020-16128
Two vulnerabilities in aptdaemon allow an unprivileged user to probe the existence of arbitrary files on the system
GHSL-2020-168, GHSL-2020-169, GHSL-2020-170: Integer overflows and file descriptor leak in aptd - CVE-2020-27349, CVE-2020-27350, CVE-2020-27351
Some aptd daemon packages contain several bugs which an unprivileged user can exploit to trigger a local denial of service
GHSL-2020-212: Template injection in Cron-utils - CVE-2020-26238
A Template Injection was identified in Cron-Utils enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability
GHSL-2020-211: Template injection in a GitHub workflow of the namin2/dependabot_jira repository
The GitHub workflow template in the namin2/dependabot_jira repository is vulnerable to template injection from user comments
GHSL-2020-210: Template injection in the GitHub workflow of the hyperspacedev/starlight repository
An automatic GitHub workflow in the hyperspacedev/starlight repository is vulnerable to template injection from user comments
GHSL-2020-209: Template injection in a GitHub workflow of the ww-tech/primrose repository
An automatic GitHub workflow in the ww-tech/primrose repository is vulnerable to template injection from user comments
GHSL-2020-208: Template injection in a GitHub workflow of the SourcePointUSA/android-cmp-app repository
An automatic GitHub workflow in the SourcePointUSA/android-cmp-app repository is vulnerable to template injection from user comments
GHSL-2020-207: Template injection in a GitHub workflow of the hashicorp/boundary-ui repository
An automatic GitHub workflow in the hashicorp/boundary-ui repository is vulnerable to template injection from user comments
GHSL-2020-204: Server-Side Template Injection in Corona Warn App Server
A Server-Side Template Injection was identified in Corona Warn App Server enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability
GHSL-2020-181: Template injection in the GitHub workflows of the symless synergy-core repository
Automatic GitHub workflows in the symless synergy-core repository are vulnerable to template injection from user comments
GHSL-2020-180: Template injection in the GitHub workflows of the helm-ssm repository
Automatic GitHub workflows in the helm-ssm repository are vulnerable to template injection from user comments
GHSL-2020-179: Template injection in the GitHub workflows of the codacy-coverage-reporter-action repository
Automatic GitHub workflows in the codacy-coverage-reporter-action repository are vulnerable to template injection from user comments
GHSL-2020-178: Template injection in the GitHub workflows of the bitbucket-scala-client repository
Automatic GitHub workflows in the bitbucket-scala-client repository are vulnerable to template injection from user comments
GHSL-2020-177: Template injection in the GitHub workflows of the codacy-pylint repository
Automatic GitHub workflows in the codacy-pylint repository are vulnerable to template injection from user comments
GHSL-2020-176: Template injection in the GitHub workflows of the codacy-scalameta repository
Automatic GitHub workflows in the codacy-scalameta repository are vulnerable to template injection from user comments
GHSL-2020-175: Template injection in the GitHub workflows of the codacy-analysis-cli repository
Automatic GitHub workflows in the codacy-analysis-cli repository are vulnerable to arbitrary code execution from user comments
GHSL-2020-174: Template injection in the GitHub workflows of the codacy-coverage-reporter repository
Automatic GitHub workflows in the codacy-coverage-reporter repository are vulnerable to template injection from user comments
GHSL-2020-173: Undocumented template expression evaluation in the gajira-comment GitHub action - CVE-2020-14189
The gajira-comment GitHub action supports undocumented template syntax that may lead to arbitrary code execution
GHSL-2020-172: Undocumented template expression evaluation in the gajira-create GitHub action - CVE-2020-14188
The gajira-create GitHub action supports undocumented template syntax that may lead to arbitrary code execution
GHSL-2020-137: Unsafe deserialization in Lumisoft Mail Server
Unsafe deserialization vulnerabilities may lead to pre-auth Remote Code Execution (RCE) in Lumisoft MailServer
GHSL-2020-136: Unsafe deserialization vulnerabilities in Lumisoft .NET and Lumisoft MailServer
Unsafe deserialization vulnerabilities may lead to pre-auth Remote Code Execution (RCE) in Lumisoft .NET and Lumisoft MailServer
GHSL-2020-142: Heap memory corruption in png-img - CVE-2020-28248
The NAN bindings provided by png-img for libpng are vulnerable to an integer overflow which results in an underallocation of heap memory and subsequent heap memory corruption.
GHSL-2020-138, GHSL-2020-139: Remote code execution (RCE) and elevation of privileges (EoP) in SmartStoreNET - CVE-2020-27996, CVE-2020-27997
SmartStoreNET 4.0.0 is vulnerable to Remote code execution (RCE) and elevation of privileges (EoP)
GHSL-2020-202: Local Privilege Escalation (LPE) in Ubuntu gdm3 - CVE-2020-16125
gdm3 can be tricked into launching `gnome-initial-setup`, enabling an unprivileged user to create a new user account for themselves. The new account is a member of the `sudo` group, so this enables the unprivileged user to obtain admin privileges
GHSL-2020-187: Denial of Service (DoS) in Ubuntu accountsservice - CVE-2020-16126 - CVE-2020-16127
The accountsservice daemon drops privileges to perform certain operations, but in some cases gives unprivileged users permission to send signals. This means that the unprivileged user can send accounts-daemon a `SIGSTOP` signal, which stops the process and causes a denial of service
GHSL-2020-158: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in AspNetCoreMvcSharedLocalization
AspNetCoreMvcSharedLocalization is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS)
GHSL-2020-156: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in IdentityWithoutEF
IdentityWithoutEF is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS)
GHSL-2020-155: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in reactjs-ts-identityserver
reactjs-ts-identityserver is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS)
GHSL-2020-154: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in OnionArch
OnionArch is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS).
GHSL-2020-153: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in dapper-identity
dapper-identity is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS)
GHSL-2020-152: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in DualAuthCore
DualAuthCore is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS)
GHSL-2020-151: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in little-aspnetcore-todo
little-aspnetcore-todo is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS)
GHSL-2020-149: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in Angular-Core-IdentityServer
Angular-Core-IdentityServer is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS)
GHSL-2020-141: Arbitrary code execution in DatabaseSchemaReader - CVE-2020-26207
DatabaseSchemaReader's tool DatabaseSchemaViewer is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted .dbschema file
GHSL-2020-143: Arbitrary Code Execution in FastReports - CVE-2020-27998
FastReports is vulnerable to arbitrary code execution because it compiles and runs C# code from a report template
GHSL-2020-157: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in IdentityManager
IdentityManager is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS).
GHSL-2020-134: NULL dereference in Samba - CVE-2020-14323
An unprivileged local user may trigger a NULL dereference bug in Samba's Winbind service leading to Denial of Service (DoS)
GHSL-2020-074, 077, 078: Memory corruptions in HPLIP - CVE-2020-6923
HPLIP contains two memory corruption vulnerabilities which can be triggered by a malicious device or computer that is connected to the same network.
GHSL-2020-113: Command injection vulnerability in limdu - CVE-2020-4066
The `trainBatch` function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability
GHSL-2020-097: Missing hostname validation in twitter-stream - CVE-2020-24392
Missing hostname validation allows an attacker to perform a monster-in-the-middle attack against users of the library.
GHSL-2020-096: Missing hostname validation in tweetstream - CVE-2020-24393
Missing hostname validation allows an attacker to perform a monster-in-the-middle attack against users of tweetstream
GHSL-2020-145: Command injection on Windows in Opener
Although code execution is part of the intended purpose of Opener, a crafted URL can run an arbitrary shell command rather than just launching a browser.
GHSL-2020-140: Open redirect in Traefik - CVE-2020-15129
There exists a potential open redirect vulnerability in Traefik's handling of the `X-Forwarded-Prefix` header.
GHSL-2020-132: SQL Injection in Mailtrain - CVE-2020-24617
SQL injection and missing CSRF protection may lead to Remote Code Execution (RCE) or arbitrary file read.
GHSL-2020-126: Open URL redirect in Orange Forum 1.x.x
There exists an open URL redirect vulnerability in the 1.x.x branch of Orange Forum. An attacker can send an Orange Forum user a crafted link targeting the login page of Orange Forum, redirecting to a malicious site.
GHSL-2020-133: Path traversal vulnerability in Adobe git-server - CVE-2020-9708
Malicious users may access any Git repository on the server even if it is outside the served root directory
GHSL-2020-109: Command injection in codecov
The `upload` method has a command injection vulnerability. Clients of the `codecov-node` library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
GHSL-2020-095: Monster-in-the-middle attack in em-imap - CVE-2020-13163
Missing hostname validation allows an attacker to perform a monster-in-the-middle attack against users of the library.
GHSL-2020-076: Server-Side Template Injection in Cascade CMS
A user with privileges to edit templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Cascade CMS.
GHSL-2020-046: Server-Side Template Injection in XWiki
A user with privileges to edit wiki content may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running XWiki.
GHSL-2020-042: Server-Side Template Injection in Crafter CMS
A user with privileges to edit a FreeMarker template may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Crafter CMS.
GHSL-2020-086, 087, 088, 089: Server-Side Template Injection in Apache Camel - CVE-2020-11994
Apache Camel FreeMarker, Velocity, MVEL and Mustache components are vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) or Arbitrary File Disclosure.
GHSL-2020-069: Unsafe deserialization of XMLRPC arguments in Apache OFBiz - CVE-2020-9496
Apache OFBiz is vulnerable to pre-auth Remote Code Execution (RCE) via unsafe deserialization.
GHSL-2020-068: Cross-Site Scripting in Apache OFBiz - CVE-2020-9496
Apache OFBiz is vulnerable to Reflected Cross-Site Scripting through a POST request
GHSL-2020-111: Command injection vulnerability in standard-version
The GitHub Security Lab team has identified a potential command injection vulnerability in standard-version.
GHSL-2020-072: Arbitrary file disclosure in JinJava - CVE-2020-12668
A user with privileges to write JinJava templates, for example in a CMS context, will be able to read arbitrary files from the file system.
GHSL-2020-071: Server-side template injection in Lithium CMS
A user with privileges to edit a FreeMarker template may execute arbitrary Java code or run arbitrary system commands with escalated privileges.
GHSL-2020-047: Server-side template injection in dotCMS
A user with privileges to edit templates may execute arbitrary Java code or run arbitrary system commands with escalated privileges.
GHSL-2020-045: Server-side template injection in Atlassian Confluence - CVE-2020-4027
A user with privileges to edit User macros may execute arbitrary Java code or run arbitrary system commands with escalated privileges.
GHSL-2020-043: Server-side template injection in Liferay - CVE-2020-13445
A user with privileges to edit FreeMarker or Velocity templates may execute arbitrary Java code or run arbitrary system commands with escalated privileges.
GHSL-2020-039: Server-side template injection in Alfresco - CVE-2020-12873
A user with privileges to edit a FreeMarker template may execute arbitrary Java code or run arbitrary system commands with escalated privileges.
GHSL-2020-058: OOB read in Apache Guacamole prior to 1.2.0 - CVE-2020-9497
The GitHub Security Lab uncovered an OOB read vulnerability in Apache Guacamole prior to version 1.2.0 which may lead to information leak.
GHSL-2020-128: OOB read vulnerability in FreeRDP RLEDECOMPRESS - CVE-2020-4033
The GitHub Security Lab team has uncovered an OOB read vulnerability in FreeRDP's RLEDECOMPRESS function.
GHSL-2020-125: Integer signedness mismatch vulnerability in FreeRDP leads to OOB read - CVE-2020-4032
The GitHub Security Lab team has uncovered an integer signedness mismatch vulnerability in FreeRDP's update_recv_secondary_order function which leads to an OOB read vulnerability.
GHSL-2020-124: OOB read vulnerability in FreeRDP update_recv_primary_order - CVE-2020-11095
The GitHub Security Lab team has uncovered an OOB read vulnerability in FreeRDP's update_recv_primary_order function.
GHSL-2020-107: OOB read vulnerability in FreeRDP update_read_cache_bitmap_v3_order - CVE-2020-11096
The GitHub Security Lab team uncovered an OOB read vulnerability in FreeRDP's update_read_cache_bitmap_v3_order function.
GHSL-2020-106: Integer signedness mismatch leading to OOB read in FreeRDP - CVE-2020-4030
The GitHub Security Lab team has uncovered an integer signedness mismatch vulnerability in FreeRDP leading to OOB read.
GHSL-2020-105: OOB read vulnerability in FreeRDP glyph_cache_put - CVE-2020-11098
The GitHub Security Lab team uncovered an OOB read vulnerability in FreeRDP's glyph_cache_put function
GHSL-2020-104: OOB read vulnerability in FreeRDP ntlm_av_pair_get - CVE-2020-11097
The GitHub Security Lab team uncovered an OOB read vulnerability in FreeRDP's ntlm_av_pair_get function.
GHSL-2020-103: OOB read vulnerability in FreeRDP license_read_new_or_upgrade_license_packet - CVE-2020-11099
The GitHub Security Lab team uncovered an OOB read vulnerability in FreeRDP's license_read_new_or_upgrade_license_packet function.
GHSL-2020-122: Command injection in git-diff-apply
The GitHub Security Lab team has identified a potential remote code execution in git-diff-apply.
GHSL-2020-110: Command Injection in mversion
The GitHub Security Lab team has identified a potential remote code execution in mversion
GHSL-2020-119: Command injection vulnerability in node-dns-sync resolve method - CVE-2020-11079
The GitHub Security Lab team has identified a command injection vulnerability in the resolve method of the node-dns-sync library.
GHSL-2020-102: Heap overflow in FreeRDP crypto_rsa_common - CVE-2020-13398
The GitHub Security Lab team has identified a heap overflow in FreeRDP's crypto_rsa_common function.
GHSL-2020-101: NULL dereference in FreeRDP FIPS routines - CVE-2020-13397
The GitHub Security Lab team identified a NULL dereference in FreeRDP's libfreerdp.
GHSL-2020-100: Out of Bounds (OOB) read vulnerability in FreeRDP - CVE-2020-13396
The GitHub Security Lab team has identified an Out of Bounds read vulnerability in FreeRDP's ntlm_read_ChallengeMessage function.
GHSL-2020-099: mXSS vulnerability in AngularJS
The GitHub Security Lab team has found a potential mXSS vulnerability in AngularJS.
GHSL-2020-094: Missing SSL/TLS certificate hostname validation in em-http-request - CVE-2020-13482
The GitHub Security Lab team uncovered a missing hostname validation vulnerability in the em-http-request library that allows an attacker to perform a Person In The Middle (PITM) attack against users of the library.
GHSL-2020-075, GHSL-2020-079, GHSL-2020-080, GHSL-2020-081, GHSL-2020-082, GHSL-2020-083, GHSL-2020-084: Multiple vulnerabilities in SANE Backends (DoS, RCE)
The GitHub Security Lab team identified multiple memory corruption vulnerabilities in SANE Backends which may lead to Denial of Service (DoS) and Remote Code Execution (RCE).
GHSL-2020-064: Integer overflow in LibVNCClient HandleCursorShape resulting in remote heap overflow - CVE-2019-20788
The GitHub Security Lab team detected an integer overflow in LibVNCClient HandleCursorShape RFB event handler.
GHSL-2020-057: dbus file descriptor leak (DoS) - CVE-2020-12049
The GitHub Security Lab team has identified a file descriptor leak in dbus that can lead to local Denial of Service.
GHSL-2020-073: Path traversal in Jooby - CVE-2020-7647
The GitHub Security Lab team has identified a path traversal vulnerability in Jooby that can lead to information disclosure.
GHSL-2020-055: Server-Side Template Injection in Apache Syncope (RCE) - CVE-2019-17557
The GitHub Security Lab team has identified several potential security vulnerabilities in Apache Syncope, including RCE and XSS.
GHSL-2020-054: XSS in Apache Syncope - CVE-2020-1961
The GitHub Security Lab team has identified a XSS vulnerability in Apache Syncope.
GHSL-2020-029: Server-Side template injection in Apache Syncope (RCE) - CVE-2020-1959
The GitHub Security Lab team has identified a Server-Side template injection vulnerability in Apache Syncope, which leads to RCE.
GHSL-2020-020: EL expression input sanitization bypass in Hibernate Validator - CVE-2020-10693
The GitHub Security Lab team has identified an EL expression input sanitization bypass vulnerability in Hibernate Validator.
GHSL-2020-085: Open redirect vulnerability in Sourcegraph - CVE-2020-12283
By exploiting an open redirect vulnerability, an attacker could potentially redirect a victim to any arbitrary URL and access their OAuth token.
GHSL-2020-051, GHSL-2020-052: Multiple vulnerabilities in NTOP nDPI
The GitHub Security Lab team has identified several potential security vulnerabilities in NTOP nDPI, including RCE and DoS.
GHSL-2020-010: Out-of-bounds write in Android Open Source Project - CVE-2020-0070
An OOB write in AOSP allows an attacker within NFC range to obtain remote code execution in an Android device's NFC daemon.
GHSL-2020-008: Out-of-bounds write in Android Open Source Project - CVE-2020-0071
An OOB write in AOSP allows an attacker within NFC range to obtain remote code execution in an Android device's NFC daemon.
GHSL-2020-007: Out-of-bounds write in Android Open Source Project - CVE-2020-0072
An OOB write in AOSP allows an attacker within NFC range to obtain remote code execution in an Android device's NFC daemon.
GHSL-2020-006: Out-of-bounds write in Android Open Source Project - CVE-2020-0073
An OOB write in AOSP allows an attacker within NFC range to obtain remote code execution in an Android device's NFC daemon.
GHSL-2020-031: SQL injection in PureFTPd
Improper sanitization of SQL queries leads to SQL injection via a configuration file.
GHSL-2020-053: Use-after-free in Chrome WebAudio
The GitHub Security Lab team has identified a use-after-free in Chrome WebAudio.
GHSL-2020-041: Use-after-free in Chrome WebAudio
The GitHub Security Lab team has identified a use-after-free in Chrome WebAudio.
GHSL-2020-040: Use-after-free in Chrome WebAudio
The GitHub Security Lab team has identified a use-after-free in Chrome WebAudio.
GHSL-2020-038: Use-after-free in Chrome WebAudio
The GitHub Security Lab team has identified a use-after-free in Chrome WebAudio.
GHSL-2020-037: Use-after-free in Chrome WebAudio
The GitHub Security Lab team has identified a use-after-free in Chrome WebAudio.
GHSL-2020-035: Use-after-free in Chrome WebAudio
The GitHub Security Lab team has identified a use-after-free in Chrome WebAudio.
GHSL-2020-030: Server-Side Template Injection in Dropwizard
Server-Side Template Injection in Dropwizard leading to Remote Code Execution (RCE).
GHSL-2020-015: Remote Code Execution - Bypass of CVE-2018-16621 mitigations in Nexus Repository Manager
High privileged users can bypass the existing mitigations and inject arbitrary Java EL expressions in Nexus Repository Manager, leading to a Remote Code Execution (RCE) vulnerability.
GHSL-2020-014: Remote Code execution - Dynamic Code Evaluation via Scheduled Tasks in Nexus Repository Manager
It is possible for a user with the right permissions to execute arbitrary Groovy or JavaScript scripts, resulting in remote code execution.
GHSL-2020-013: Remote Code Execution - Dynamic Code Evaluation via Scripts in Nexus Repository Manager
It is possible for a user with the right permissions to execute arbitrary Groovy or JavaScript scripts, resulting in remote code execution.
GHSL-2020-012: Remote Code Execution - Java EL Injection (high privileged accounts) in Nexus Repository Manager
High privileged users can inject arbitrary Java EL expressions in Nexus Repository Manager, leading to a Remote Code Execution (RCE) vulnerability.
GHSL-2020-009: UAF leads to RCE in ProFTPD
A use-after-free vulnerability in ProFTPD could allow a remote attacker to execute arbitrary code on the affected system.
GHSL-2020-016: Persistent Cross-Site scripting in Nexus Repository Manager
An attacker with elevated privileges can create content selectors with a specially crafted name using the REST API, which when viewed by another user can execute arbitrary JavaScript in the context of the NXRM application.
GHSL-2020-011: Remote Code Execution - Java EL Injection (low privileged accounts) in Nexus Repository Manager
Attackers can inject arbitrary Java EL expressions in Nexus Repository Manager, leading to a Remote Code Execution (RCE) vulnerability.
GHSL-2020-056: Double free in OpenSSL client
The GitHub Security Lab team has identified a security issue in OpenSSL in which an attacker can force a client into freeing the same memory twice.
GHSL-2020-028: Server-Side Template Injection in Netflix Titus
A Server-Side Template Injection was identified in Netflix Titus enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.
GHSL-2020-027: Server-Side Template Injection in Netflix Conductor
A Server-Side Template Injection was identified in Netflix Conductor enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.
GHSL-2020-032: Out-of-bounds (OOB) read vulnerability in PureFTPd
An out-of-bounds (OOB) read vulnerability has been detected in PureFTPd's pure_strcmp function.
GHSL-2020-026: Person in the middle attacks with lua-openssl
Several security issues have been found in the way X509 certificate validation functions are exposed to Lua. Clients using certain functions in lua-openssl are exposed to person-in-the-middle attacks.
GHSL-2020-025: OOB read and DoS in PureFTPd
An uninitialized pointer vulnerability in PureFTPd results in Out-of-Bounds reads and Denial of Service.
GHSL-2020-003, GHSL-2020-004, GHSL-2020-005: Person in the middle attack on openfortivpn clients
Several security issues have been found in the way openfortivpn deals with TLS. These issues can lead to situations in which an attacker can perform a person-in-the-middle attack on clients.
GHSL-2020-002: Out-of-bounds (OOB) read in ProFTPD
An out-of-bounds (OOB) read vulnerability was detected in ProFTPD's mod_cap module.
GHSL-2020-001: Off-by-one heap overflow in Bftpd
Under certain circumstances, an off-by-one heap overflow can occur in the command_retr function.
Disclosure policy
Last updated: April 9th, 2019
The GitHub Security Lab research team is dedicated to working closely with the open source community and with projects that are affected by a vulnerability, in order to protect users and ensure a coordinated disclosure. When we identify a vulnerability in a project, we will report it by contacting the publicly-listed security contact for the project if one exists; otherwise we will attempt to contact the project maintainers directly.
If the project team responds and agrees the issue poses a security risk, we will work with the project security team or maintainers to communicate the vulnerability in detail, and agree on the process for public disclosure. Responsibility for developing and releasing a patch lies firmly with the project team, though we aim to facilitate this by providing detailed information about the vulnerability.
Our disclosure deadline for publicly disclosing a vulnerability is: 90 days after the first report to the project team.
We appreciate the hard work maintainers put into fixing vulnerabilities and understand that sometimes more time is required to properly address an issue. We want project maintainers to succeed, and because of that we are always open to discussing our disclosure policy to fit your specific requirements, when warranted.
Please contact us at securitylab@github.com if you have any questions about our disclosure policy or our security research.