Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

21,093 advisories

Loading
Argo Exposure of Sensitive Information Moderate
CVE-2018-21034 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
Clamscan vulnerable to command injection High
CVE-2020-7613 was published for clamscan (npm) May 24, 2022
xdlocalstorage does not verify request origin High
CVE-2020-11610 was published for xdlocalstorage (npm) May 24, 2022
XSS vulnerability in Jenkins Gatling Plugin Moderate
CVE-2020-2173 was published for org.jenkins-ci.plugins:gatling (Maven) May 24, 2022
NotMyFault tdunlap607
XXE vulnerability in Jenkins Code Coverage API Plugin High
CVE-2020-2172 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault
Reflected XSS vulnerability in Jenkins AWSEB Deployment Plugin Moderate
CVE-2020-2174 was published for br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin (Maven) May 24, 2022
NotMyFault
XSS vulnerability in Jenkins useMango Runner Plugin Moderate
CVE-2020-2176 was published for it.infuse.jenkins:usemango-runner (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins FitNesse Plugin Moderate
CVE-2020-2175 was published for org.jenkins-ci.plugins:fitnesse (Maven) May 24, 2022
NotMyFault
MediaWiki makeCollapsible allows applying event handler to any CSS selector Moderate
CVE-2020-10960 was published for mediawiki/core (Composer) May 24, 2022
anonymous4ACL24
Deserialization of Untrusted Data in Apache Dubbo Moderate
CVE-2019-17564 was published for org.apache.dubbo:dubbo-rpc-http-invoker (Maven) May 24, 2022
Improper Privilege Management in Elasticsearch High
CVE-2020-7009 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Moodle Oauth 2 Insufficiently Protects Against Compromise Critical
CVE-2019-14880 was published for moodle/moodle (Composer) May 24, 2022
Exposure of Sensitive Information in Gradle publish plugin Moderate
CVE-2020-7599 was published for com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin (Maven) May 24, 2022
Improper Verification of Cryptographic Signature in Apache Netbeans High
CVE-2019-17561 was published for org.codehaus.mevenide:netbeans (Maven) May 24, 2022
Improper Restriction of XML External Entity Reference in Mulesoft APIkit Critical
CVE-2020-10991 was published for org.mule.modules:mule-apikit-module (Maven) May 24, 2022
binary-1024
FrozenNode Laravel-Administrator unrestricted file upload High
CVE-2020-10963 was published for frozennode/administrator (Composer) May 24, 2022
python-apt Does Not Check Hash Signature Moderate
CVE-2019-15796 was published for python-apt (pip) May 24, 2022
python-apt Flawed Package Integrity Check Moderate
CVE-2019-15795 was published for python-apt (pip) May 24, 2022
RCE vulnerability in Jenkins Azure Container Service Plugin High
CVE-2020-2168 was published for org.jenkins-ci.plugins:azure-acs (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins RapidDeploy Plugin High
CVE-2020-2171 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven) May 24, 2022
NotMyFault
Reflected XSS vulnerability in Jenkins Queue cleanup Plugin Moderate
CVE-2020-2169 was published for org.jenkins-ci.plugins:queue-cleanup (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin High
CVE-2020-2166 was published for de.taimos:pipeline-aws (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins RapidDeploy Plugin Moderate
CVE-2020-2170 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins OpenShift Pipeline Plugin High
CVE-2020-2167 was published for com.openshift.jenkins:openshift-pipeline (Maven) May 24, 2022
NotMyFault
Passwords transmitted in plain text by Jenkins Artifactory Plugin Low
CVE-2020-2165 was published for org.jenkins-ci.plugins:artifactory (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database