Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,479
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,395 advisories

Loading
Grafana XSS via a query alias for the ElasticSearch datasource Moderate
CVE-2020-24303 was published for github.com/grafana/grafana (Go) May 24, 2022
Gophish vulnerable to Server-Side Request Forgery Moderate
CVE-2020-24710 was published for github.com/gophish/gophish (Go) May 24, 2022
Duplicate Advisory: Unauthorized privilege escalation in Mod module High
GHSA-q886-75m2-vff8 was published for red-discordbot (pip) May 24, 2022 withdrawn
YOURLS Stored Cross Site Scripting (XSS) Moderate
CVE-2020-27388 was published for yourls/yourls (Composer) May 24, 2022
Out-of-bounds Read in Facebook Hermes High
CVE-2020-1915 was published for hermes-engine (npm) May 24, 2022
DanielSinclair Nsquik
troZee CHaNGeTe ivan-mattr mmehtonen-24i
fabric8-maven-plugin: insecure way to construct Yaml Object leading to remote code execution High
CVE-2020-10721 was published for io.fabric8:fabric8-maven-plugin (Maven) May 24, 2022
oscerd
Magento 2 Community Edition XSS Vulnerability Moderate
CVE-2020-24408 was published for magento/community-edition (Composer) May 24, 2022
phpMyAdmin SQL injection vulnerability Critical
CVE-2020-26935 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022
phpMyAdmin Cross-site Scripting (XSS) Moderate
CVE-2020-26934 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022
XXE vulnerability in Jenkins Nerrvana Plugin Moderate
CVE-2020-2298 was published for org.jenkins-ci.plugins:nerrvana-plugin (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Maven Cascade Release Plugin Moderate
CVE-2020-2294 was published for com.barchart.jenkins:maven-release-cascade (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Maven Cascade Release Plugin Moderate
CVE-2020-2295 was published for com.barchart.jenkins:maven-release-cascade (Maven) May 24, 2022
NotMyFault
Access token stored in plain text by Jenkins SMS Notification Plugin Low
CVE-2020-2297 was published for com.hoiio.jenkins:sms (Maven) May 24, 2022
NotMyFault
PyroCMS Vulnerable to CSRF High
CVE-2020-25263 was published for pyrocms/pyrocms (Composer) May 24, 2022
PyroCMS Vulnerable to CSRF Moderate
CVE-2020-25262 was published for pyrocms/pyrocms (Composer) May 24, 2022
Always-Incorrect Control Flow Implementation in Facebook Hermes Critical
CVE-2020-1914 was published for hermes-engine (npm) May 24, 2022
Nsquik troZee
CHaNGeTe mmehtonen-24i bdellegrazie
Password stored in plain text by Jenkins couchdb-statistics Plugin Low
CVE-2020-2291 was published for org.jenkins-ci.plugins:couchdb-statistics (Maven) May 24, 2022
NotMyFault
Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin High
CVE-2020-2286 was published for org.jenkins-ci.plugins:role-strategy (Maven) May 24, 2022
NotMyFault
Arbitrary file read vulnerability in Jenkins Persona Plugin Moderate
CVE-2020-2293 was published for org.jenkins-ci.plugins:persona (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Release Plugin Moderate
CVE-2020-2292 was published for org.jenkins-ci.plugins:release (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Active Choices Plugin Moderate
CVE-2020-2290 was published for org.biouno:uno-choice (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Active Choices Plugin Moderate
CVE-2020-2289 was published for org.biouno:uno-choice (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Shared Objects Plugin Moderate
CVE-2020-2296 was published for org.jenkins-ci.plugins:shared-objects (Maven) May 24, 2022
NotMyFault
Incorrect default pattern in Jenkins Audit Trail Plugin Moderate
CVE-2020-2288 was published for org.jenkins-ci.plugins:audit-trail (Maven) May 24, 2022
NotMyFault
WEBRick vulnerable to HTTP Request/Response Smuggling High
CVE-2020-25613 was published for webrick (RubyGems) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database