GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,944 advisories
Filter by severity
Reflected XSS vulnerability in Jenkins gitlab-hook Plugin
Moderate
CVE-2020-2096
was published
for
org.jenkins-ci.ruby-plugins:gitlab-hook
(Maven)
May 24, 2022
Redgate SQL Change Automation Plugin stored credentials in plain text
Moderate
CVE-2020-2095
was published
for
com.redgate.plugins.redgatesqlci:redgate-sql-ci
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Robot Framework Plugin
High
CVE-2020-2092
was published
for
org.jenkins-ci.plugins:robot
(Maven)
May 24, 2022
Missing permission checks in Jenkins Sounds Plugin allow OS command execution
High
CVE-2020-2097
was published
for
org.jenkins-ci.plugins:sounds
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins Amazon EC2 Plugin
Low
CVE-2020-2090
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Missing permission checks in Jenkins Amazon EC2 Plugin
Moderate
CVE-2020-2091
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
CSRF vulnerability in Health Advisor by CloudBees Plugin
Moderate
CVE-2020-2093
was published
for
org.jenkins-ci.plugins:cloudbees-jenkins-advisor
(Maven)
May 24, 2022
Denial of service in ASP.NET Core
Moderate
CVE-2020-0602
was published
for
Microsoft.AspNetCore.All
(NuGet)
May 24, 2022
Remote code execution in Microsoft.WindowsDesktop.App.Ref
High
CVE-2020-0606
was published
for
Microsoft.WindowsDesktop.App.Ref
(NuGet)
May 24, 2022
Remote code execution in ASP.NET Core
High
CVE-2020-0603
was published
for
Microsoft.AspNetCore.All
(NuGet)
May 24, 2022
Magento arbitrary PHP code execution via the productData parameter
High
CVE-2015-6497
was published
for
magento/core
(Composer)
May 24, 2022
PyAMF vulnerable to XML external entity (XXE)
High
CVE-2015-8549
was published
for
pyamf
(pip)
May 24, 2022
XML external entity (XXE) vulnerability in Jenkins
High
CVE-2015-1811
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
XML external entity (XXE) vulnerability in Jenkins
High
CVE-2015-1809
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Kubernetes ingress exposes sensitive information
Moderate
CVE-2018-1002104
was published
for
k8s.io/ingress-nginx
(Go)
May 24, 2022
phpMyAdmin SQL injection in user accounts page
High
CVE-2020-5504
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 24, 2022
keycloak vulnerable to unauthorized login via mail server setup
Critical
CVE-2019-14837
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Moodle does not revoke role capabilities correctly
Moderate
CVE-2019-14879
was published
for
moodle/moodle
(Composer)
May 24, 2022
HashBrown CMS Directory Traversal
High
CVE-2020-5840
was published
for
hashbrown-cms
(npm)
May 24, 2022
Buffer Copy without Checking Size of Input in Pillow
Critical
CVE-2020-5311
was published
for
pillow
(pip)
May 24, 2022
Pivotal Spring Framework contains unsafe Java deserialization methods
Critical
CVE-2016-1000027
was published
for
org.springframework:spring-web
(Maven)
May 24, 2022
Bolt Cross-site Scripting via the slug, teaser or title parameters
Moderate
CVE-2019-9553
was published
for
bolt/bolt
(Composer)
May 24, 2022
php-shellcommand command injection vulnerability
Critical
CVE-2019-10774
was published
for
mikehaertl/php-shellcommand
(Composer)
May 24, 2022
Athenz vulnerable to Open Redirect
Moderate
CVE-2019-6035
was published
for
com.yahoo.athenz:athenz
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API