Advisories

Summary

CVE
Other Security Advisories
Public Acknowledgements

CVE

#	Reference	Vulnerability	Project	Language
62	CVE-2023-26103	Regular Expression Denial of Service (ReDoS)	deno	Rust
61	CVE-2023-0040	CRLF Injection	async-http-client	Swift
60	CVE-2022-3918	CRLF Injection	apple/swift-corelibs-foundation	Swift
59	CVE-2022-3215	HTTP Response Splitting	apple/swift-nio	Swift
58	CVE-2022-24065	Command Injection	cookiecutter	Python
57	CVE-2022-26945	Command Injection	hashicorp/go-getter	Go
56	CVE-2022-25878	Prototype Pollution	protobufjs	JavaScript
55	CVE-2022-25865	Command Injection	workspace-tools	JavaScript
54	CVE-2022-21190	Prototype Pollution	convict	JavaScript
53	CVE-2022-29184	Remote Code Execution (RCE)	gocd	Java
52	CVE-2022-21189	Prototype Pollution	dexie	JavaScript
51	CVE-2022-25303	Cross-Site Scripting (XSS)	whoogle-search	Python
50	CVE-2022-25866	Command Injection	czproject/git-php	PHP
49	CVE-2022-25648	Command Injection	git	Ruby
48	CVE-2022-25766	Remote Code Execution (RCE)	ungit	JavaScript
47	CVE-2022-24440	Command Injection	cocoapods-downloader	Ruby
46	CVE-2022-24433	Command Injection	simple-git	JavaScript
45	CVE-2022-23915	Remote Code Execution (RCE)	Weblate	Python
44	CVE-2022-21803	Prototype Pollution	nconf	JavaScript
43	CVE-2022-21235	Command Injection	Masterminds/vcs	Go
42	CVE-2022-21223	Command Injection	cocoapods-downloader	Ruby
41	CVE-2022-21187	Command Injection	libvcs	Python
40	CVE-2021-23820	Prototype Pollution	json-pointer	JavaScript
39	CVE-2021-23807	Prototype Pollution	jsonpointer	JavaScript
38	CVE-2021-23784	Cross-Site Scripting (XSS)	tempura	JavaScript
37	CVE-2021-23682	Prototype Pollution	litespeed.js	JavaScript
37	CVE-2021-23682	Prototype Pollution	appwrite/server-ce	JavaScript
36	CVE-2021-23624	Prototype Pollution	dotty	JavaScript
35	CVE-2021-23597	Denial of Service (DoS)	fastify-multipart	JavaScript
34	CVE-2021-23509	Prototype Pollution	json-ptr	JavaScript
33	CVE-2021-23472	Cross-Site Scripting (XSS)	bootstrap-table	JavaScript
32	CVE-2021-23447	Cross-Site Scripting (XSS)	teddy	JavaScript
31	CVE-2021-23445	Cross-Site Scripting (XSS)	datatables.net	JavaScript
30	CVE-2021-23444	Prototype Pollution	jointjs	JavaScript
29	CVE-2021-23443	Cross-Site Scripting (XSS)	edge.js	JavaScript
28	CVE-2021-23440	Prototype Pollution	set-value	JavaScript
27	CVE-2021-23438	Prototype Pollution	mpath	JavaScript
26	CVE-2021-23436	Prototype Pollution	immer	JavaScript
25	CVE-2021-23434	Prototype Pollution	object-path	JavaScript
24	CVE-2021-23390	Arbitrary Code Execution	total4	JavaScript
23	CVE-2021-23389	Arbitrary Code Execution	total.js	JavaScript
22	CVE-2021-23358	Arbitrary Code Execution	underscore	JavaScript
21	CVE-2021-23352	Command Injection	madge	JavaScript
20	CVE-2021-23335	LDAP Injection	is-user-valid	JavaScript
19	CVE-2020-8186	Command Injection	devcert	JavaScript
18	CVE-2020-7792	Prototype Pollution	mout	JavaScript
17	CVE-2020-7789	Command Injection	node-notifier	JavaScript
16	CVE-2020-7777	Arbitrary Code Execution	jsen	JavaScript
15	CVE-2020-7772	Prototype Pollution	doc-path	JavaScript
14	CVE-2020-7770	Prototype Pollution	json8	JavaScript
13	CVE-2020-7766	Prototype Pollution	json-ptr	JavaScript
12	CVE-2020-7746	Prototype Pollution	chart.js	JavaScript
11	CVE-2020-7743	Prototype Pollution	mathjs	JavaScript
10	CVE-2020-7742	Prototype Pollution	simpl-schema	JavaScript
9	CVE-2020-28499	Prototype Pollution	merge	JavaScript
8	CVE-2020-28495	Prototype Pollution	total.js	JavaScript
7	CVE-2020-28494	Command Injection	total.js	JavaScript
6	CVE-2020-28480	Prototype Pollution	jointjs	JavaScript
5	CVE-2020-28478	Prototype Pollution	gsap	JavaScript
4	CVE-2020-28477	Prototype Pollution	immer	JavaScript
3	CVE-2020-28464	Arbitrary Code Execution	djv	JavaScript
2	CVE-2020-28458	Prototype Pollution	datatables.net	JavaScript
1	CVE-2020-28442	Prototype Pollution	js-data	JavaScript

Other Security Advisories

#	Reference	Vulnerability	Project	Language
22	Link	Remote Code Execution (RCE)	mozilla/pontoon	Python
21	Snyk Advisory	Prototype Pollution	style-dictionary	JavaScript
20	Snyk Advisory	Prototype Pollution	highcharts	JavaScript
19	Snyk Advisory	Prototype Pollution	jiff	JavaScript
18	Snyk Advisory	Prototype Pollution	i18next	JavaScript
17	Snyk Advisory	Unsafe Deserialization	props	JavaScript
16	HackerOne Report	Prototype Pollution	@firebase/util	JavaScript
15	HackerOne Report	LDAP Injection	meemo-app	JavaScript
14	HackerOne Report	LDAP Injection	cloudron-surfer	JavaScript
13	HackerOne Report	Command Injection	wireguard-wrapper	JavaScript
12	HackerOne Report	Prototype Pollution	plain-object-merge	JavaScript
11	HackerOne Report	Prototype Pollution	extend-merge	JavaScript
10	HackerOne Report	Command Injection	gfc	JavaScript
9	HackerOne Report	Command Injection	diskstats	JavaScript
8	HackerOne Report	Prototype Pollution	objtools	JavaScript
7	HackerOne Report	Prototype Pollution	keyd	JavaScript
6	HackerOne Report	Cross-Site Scripting (XSS)	flsaba	JavaScript
5	HackerOne Report	Command Injection	extra-asciinema	JavaScript
4	HackerOne Report	Command Injection	vboxmanage.js	JavaScript
3	HackerOne Report	Command Injection	extra-ffmpeg	JavaScript
2	HackerOne Report	Prototype Pollution	object-path-set	JavaScript
1	HackerOne Report	Command Injection	xps	JavaScript

Public Acknowledgements

Swift forums:
- CVE-2023-0040: Swift Forum Announcement
- CVE-2022-3215: Swift Forum Announcement
Mozilla Web Hall of Fame: 1st Quarter 2022
gocd: releases 22.1.0
hashicorp: HCSEC-2022-13
Fastweb Hall of Fame: 2020
TIM Hall of Fame: 2020