GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
298 advisories
Filter by severity
Argo CD SSO users vulnerable to Cross-site Scripting
Low
CVE-2022-31102
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 12, 2022
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
High
CVE-2022-31115
was published
for
opensearch-ruby
(RubyGems)
Jul 5, 2022
Rails::Html::Sanitizer vulnerable to Cross-site Scripting
Moderate
CVE-2022-32209
was published
for
rails-html-sanitizer
(RubyGems)
Jun 25, 2022
Query predicate bypass in Zalando Skipper
High
CVE-2022-34296
was published
for
github.com/zalando/skipper
(Go)
Jun 24, 2022
Space bug in `clean_text`
Moderate
GHSA-p2g9-94wh-65c2
was published
for
ammonia
(Rust)
Jun 16, 2022
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable
Critical
CVE-2022-32511
was published
for
jmespath
(RubyGems)
Jun 7, 2022
Login timing attack in ezsystems/ezpublish-kernel
Critical
GHSA-xfqg-p48g-hh94
was published
for
ezsystems/ezpublish-kernel
(Composer)
Jun 2, 2022
Observable Timing Discrepancy in totp-rs
Moderate
CVE-2022-29185
was published
for
totp-rs
(Rust)
May 24, 2022
Password stored in plain text by Jenkins Nomad Plugin
Moderate
CVE-2021-21681
was published
for
org.jenkins-ci.plugins:nomad
(Maven)
May 24, 2022
Vault GitHub Action did not correctly mask multi-line secrets in output
High
CVE-2021-32074
was published
for
hashicorp/vault-action
(GitHub Actions)
May 24, 2022
Buffer overflow in SmallVec::insert_many
Critical
CVE-2021-25900
was published
for
smallvec
(Rust)
May 24, 2022
Jenkins Plugin Installation Manager Tool did not verify plugin downloads
Critical
CVE-2020-2320
was published
for
io.jenkins.plugin-management:plugin-management-parent-pom
(Maven)
May 24, 2022
XSS vulnerability in Jenkins Gatling Plugin
Moderate
CVE-2020-2173
was published
for
org.jenkins-ci.plugins:gatling
(Maven)
May 24, 2022
Podman has Files or Directories Accessible to External Parties
Moderate
CVE-2020-1726
was published
for
github.com/containers/podman
(Go)
May 24, 2022
Ansible password prompts could expose passwords
High
CVE-2019-10206
was published
for
ansible
(pip)
May 24, 2022
Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials
High
CVE-2019-10476
was published
for
org.jenkins-ci.plugins:zulip
(Maven)
May 24, 2022
OHDSI WebAPI vulnerable to SQL Injection
Critical
CVE-2019-15563
was published
for
org.ohdsi:WebAPI
(Maven)
May 24, 2022
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
Moderate
CVE-2022-24904
was published
for
github.com/argoproj/argo-cd/v2
(Go)
May 23, 2022
Plone User account enumeration via crafted URL
Moderate
CVE-2012-5497
was published
for
plone
(pip)
May 17, 2022
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file
Moderate
CVE-2015-5163
was published
for
glance
(pip)
May 17, 2022
Authentication Bypass in Apache Tomcat
Moderate
CVE-2012-3546
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Cross-site Scripting in Mistune
Moderate
CVE-2017-15612
was published
for
mistune
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API