GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,944 advisories
Filter by severity
Non-constant time HMAC comparison
Moderate
CVE-2020-2102
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Jenkins Diagnostic page exposed session cookies
Moderate
CVE-2020-2103
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Jenkins vulnerable to UDP amplification reflection attack
Moderate
CVE-2020-2100
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Memory usage graphs accessible to anyone with Overall/Read
Moderate
CVE-2020-2104
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2020-7995
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Typo3 Cross-Site Scripting in Flash component (ELTS)
Moderate
CVE-2020-8091
was published
for
typo3/cms
(Composer)
May 24, 2022
Dolibarr cross-site scripting (XSS) vulnerability
Moderate
CVE-2020-7994
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Zenario CMS vulnerable to CRLF injection
Moderate
CVE-2015-3154
was published
for
zendframework/zend-http
(Composer)
May 24, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov
High
CVE-2020-7596
was published
for
codecov
(npm)
May 24, 2022
Plone Unauthenticated Write Vulnerability
Critical
CVE-2020-7941
was published
for
Plone
(pip)
May 24, 2022
Umbraco CMS vulnerable to CSRF
Moderate
CVE-2020-7210
was published
for
UmbracoCMS.Core
(NuGet)
May 24, 2022
Undertow vulnerable to Uncontrolled Resource Consumption
High
CVE-2019-14888
was published
for
io.undertow:undertow-core
(Maven)
May 24, 2022
Inconsistent Interpretation of HTTP Requests in Waitress
High
CVE-2019-16792
was published
for
waitress
(pip)
May 24, 2022
papercrop does not properly handle crop input
Critical
CVE-2015-2784
was published
for
papercrop
(RubyGems)
May 24, 2022
SaltStack Salt is vulnerable to command injection
Critical
CVE-2019-17361
was published
for
salt
(pip)
May 24, 2022
phpBB Cross-Site Request Forgery (CSRF)
Moderate
CVE-2020-5501
was published
for
phpbb/phpbb
(Composer)
May 24, 2022
Missing permission checks in Health Advisor by CloudBees Plugin
Moderate
CVE-2020-2094
was published
for
org.jenkins-ci.plugins:cloudbees-jenkins-advisor
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins Sounds Plugin allow OS command execution
High
CVE-2020-2098
was published
for
org.jenkins-ci.plugins:sounds
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API