GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,944 advisories

Reflected XSS vulnerability in Jenkins gitlab-hook Plugin Moderate
CVE-2020-2096 was published for org.jenkins-ci.ruby-plugins:gitlab-hook (Maven) May 24, 2022
NotMyFault
Redgate SQL Change Automation Plugin stored credentials in plain text Moderate
CVE-2020-2095 was published for com.redgate.plugins.redgatesqlci:redgate-sql-ci (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Robot Framework Plugin High
CVE-2020-2092 was published for org.jenkins-ci.plugins:robot (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Sounds Plugin allow OS command execution High
CVE-2020-2097 was published for org.jenkins-ci.plugins:sounds (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Amazon EC2 Plugin Low
CVE-2020-2090 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Amazon EC2 Plugin Moderate
CVE-2020-2091 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Health Advisor by CloudBees Plugin Moderate
CVE-2020-2093 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 24, 2022
NotMyFault
Denial of service in ASP.NET Core Moderate
CVE-2020-0602 was published for Microsoft.AspNetCore.All (NuGet) May 24, 2022
skofman1
Remote code execution in Microsoft.WindowsDesktop.App.Ref High
CVE-2020-0606 was published for Microsoft.WindowsDesktop.App.Ref (NuGet) May 24, 2022
skofman1
Remote code execution in ASP.NET Core High
CVE-2020-0603 was published for Microsoft.AspNetCore.All (NuGet) May 24, 2022
skofman1
Magento arbitrary PHP code execution via the productData parameter High
CVE-2015-6497 was published for magento/core (Composer) May 24, 2022
PyAMF vulnerable to XML external entity (XXE) High
CVE-2015-8549 was published for pyamf (pip) May 24, 2022
XML external entity (XXE) vulnerability in Jenkins High
CVE-2015-1811 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
XML external entity (XXE) vulnerability in Jenkins High
CVE-2015-1809 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
Kubernetes ingress exposes sensitive information Moderate
CVE-2018-1002104 was published for k8s.io/ingress-nginx (Go) May 24, 2022
HashBrown CMS RCE Critical
CVE-2020-6948 was published for hashbrown-cms (npm) May 24, 2022
phpMyAdmin SQL injection in user accounts page High
CVE-2020-5504 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022
keycloak vulnerable to unauthorized login via mail server setup Critical
CVE-2019-14837 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
jhutchings1
Moodle does not revoke role capabilities correctly Moderate
CVE-2019-14879 was published for moodle/moodle (Composer) May 24, 2022
HashBrown CMS Directory Traversal High
CVE-2020-5840 was published for hashbrown-cms (npm) May 24, 2022
Buffer Copy without Checking Size of Input in Pillow Critical
CVE-2020-5311 was published for pillow (pip) May 24, 2022
Pivotal Spring Framework contains unsafe Java deserialization methods Critical
CVE-2016-1000027 was published for org.springframework:spring-web (Maven) May 24, 2022
bclozel
Bolt Cross-site Scripting via the slug, teaser or title parameters Moderate
CVE-2019-9553 was published for bolt/bolt (Composer) May 24, 2022
php-shellcommand command injection vulnerability Critical
CVE-2019-10774 was published for mikehaertl/php-shellcommand (Composer) May 24, 2022
Athenz vulnerable to Open Redirect Moderate
CVE-2019-6035 was published for com.yahoo.athenz:athenz (Maven) May 24, 2022