| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2019-1020001 | yard before 0.9.20 allows path traversal.... | M | |
| CVE-2019-1020002 | Pterodactyl before 0.7.14 with 2FA allows credential sniffing.... | | |
| CVE-2019-1020003 | invenio-records before 1.2.2 allows XSS.... | | |
| CVE-2019-1020004 | Tridactyl before 1.16.0 allows fake key events.... | | |
| CVE-2019-1020005 | invenio-communities before 1.0.0a20 allows XSS.... | | |
| CVE-2019-1020006 | invenio-app before 1.1.1 allows host header injection.... | E M | |
| CVE-2019-1020007 | Dependency-Track before 3.5.1 allows XSS.... | | |
| CVE-2019-1020008 | stacktable.js before 1.0.4 allows XSS.... | | |
| CVE-2019-1020009 | Fleet before 2.1.2 allows exposure of SMTP credentials.... | | |
| CVE-2019-1020010 | Misskey before 10.102.4 allows hijacking a user's token.... | E M | |
| CVE-2019-1020011 | SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without se... | | |
| CVE-2019-1020012 | parse-server before 3.4.1 allows DoS after any POST to a volatile class.... | S | |
| CVE-2019-1020013 | parse-server before 3.6.0 allows account enumeration.... | S | |
| CVE-2019-1020014 | docker-credential-helpers before 0.6.3 has a double free in the List functions.... | S | |
| CVE-2019-1020015 | graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while v... | S | |
| CVE-2019-1020016 | ASH-AIO before 2.0.0.3 allows an open redirect.... | | |
| CVE-2019-1020017 | Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via ... | S | |
| CVE-2019-1020018 | Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via ... | S | |
| CVE-2019-1020019 | invenio-previewer before 1.0.0a12 allows XSS.... | E M |