Warning: This repository is no longer maintained.
An up-to-date list of vulnerabilities is available on the Zigrin Security Advisories page.
- 2021
  - CVE-2021-45096 - External XML Entity Injection in workflow import
  - CVE-2021-45097 - Weak file permissions when installed in unattended mode
  - CVE-2021-44726 - DOM-based XSS in a login panel
  - CVE-2021-44725 - Directory Path Traversal in the profiles section
  - CVE-2021-42369 - SQL Injection vulnerability in contacts CSV export
  - CVE-2021-41326 - Command Injection vulnerability in Opendata export
  - CVE-2021-37742 - Stored XSS when viewing Galaxy Cluster Relationships
- 2020
  - CVE-2020-25216 - XSLT Remote Code Execution in XML when opening XML files together with custom stylesheets
  - CVE-2020-25215 - XML External Entity injection when opening XML files
  - CVE-2020-9407 - Information disclosure in cookie
  - CVE-2020-9406 - Command injection in queryBCP method
  - CVE-2020-9405 - Reflected XSS in redirect page
  - CVE-2020-8894 - Mishandling of discussion threads ACL
  - CVE-2020-8893 - Reflected XSS in Galaxy view
  - CVE-2020-8890 - Bruteforce protection not working in very specific environments
- 2019
- 2018
- 2017
- KNIME
- Imagicle
- Open Source Threat Intelligence Platform
  - CVE-2021-41326 - Command Injection vulnerability in Opendata export
  - CVE-2021-37742 - Stored XSS when viewing Galaxy Cluster Relationships
  - CVE-2020-8894 - Mishandling of discussion threads ACL
  - CVE-2020-8893 - Reflected XSS in Galaxy view
  - CVE-2020-8890 - Bruteforce protection not working in very specific environments
  - CVE-2019-12868 - Command injection via phar:// deserialization
  - CVE-2018-11245 - XSS with cortex type attributes
  - CVE-2017-16802 - XSS in the sharingGroupPopulateOrganisations function
- Mistune
- Online Weather
- yEd