GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,324
Erlang: 31
GitHub Actions: 21
Go: 2,087
Maven: 5,000+
npm: 3,751
NuGet: 674
pip: 3,437
Pub: 12
RubyGems: 892
Rust: 881
Swift: 37

Unreviewed advisories
All unreviewed: 5,000+

21,093 advisories

Stored XSS vulnerability in Jenkins ECharts API Plugin
Moderate: CVE-2020-2194 was published for io.jenkins.plugins:echarts-api (Maven), May 24, 2022

Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection
High: CVE-2020-2196 was published for org.jenkins-ci.plugins:selenium (Maven), May 24, 2022

Stored XSS vulnerability in Jenkins ECharts API Plugin
Moderate: CVE-2020-2193 was published for io.jenkins.plugins:echarts-api (Maven), May 24, 2022

Improper permission checks in Jenkins Swarm Plugin
Moderate: CVE-2020-2191 was published for org.jenkins-ci.plugins:swarm (Maven), May 24, 2022

Stored XSS vulnerability in Jenkins Compact Columns Plugin
Moderate: CVE-2020-2195 was published for org.jenkins-ci.plugins:compact-columns (Maven), May 24, 2022

Improper Neutralization of Input During Web Page Generation in Jenkins Script Security Plugin
Moderate: CVE-2020-2190 was published for org.jenkins-ci.plugins:script-security (Maven), May 24, 2022

containernetworking/plugins vulnerable to MitM attacks
Moderate: CVE-2020-10749 was published for github.com/containernetworking/plugins (Go), May 24, 2022

Gravity Forms plugin leak hashed passwords
High: CVE-2020-13764 was published for wp-premium/gravityforms (Composer), May 24, 2022

MediaWiki Open Redirect vulnerability
Moderate: CVE-2020-10959 was published for mediawiki/core (Composer), May 24, 2022

Grafana XSS via a column style
Moderate: CVE-2018-18624 was published for github.com/grafana/grafana (Go), May 24, 2022

bbPress unauthenticated privilege-escalation
Critical: CVE-2020-13693 was published for bbpress/bbpress (Composer), May 24, 2022

Fork CMS Cross-site Scripting Vulnerability
Moderate: CVE-2020-13633 was published for forkcms/forkcms (Composer), May 24, 2022

Knock Knock plugin Open redirection vulnerability
Moderate: CVE-2020-13486 was published for verbb/knock-knock (Composer), May 24, 2022

Centreon Sensitive Data Exposure vulnerability
Moderate: CVE-2020-10945 was published for centreon/centreon (Composer), May 24, 2022

Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header
Critical: CVE-2020-13485 was published for verbb/knock-knock (Composer), May 24, 2022

bbPress stored Cross-Site Scripting (XSS) vulnerability in the Forum creation section
Moderate: CVE-2020-13487 was published for bbpress/bbpress (Composer), May 24, 2022

Image Resizer Cross-site Scripting (XSS) in the Bulk Resize action
Moderate: CVE-2020-13459 was published for verbb/image-resizer (Composer), May 24, 2022

Image Resizer Cross-Site Request Forgery (CSRF)
High: CVE-2020-13458 was published for verbb/image-resizer (Composer), May 24, 2022

Grafana XSS via the OpenTSDB datasource
Moderate: CVE-2020-13430 was published for github.com/grafana/grafana (Go), May 24, 2022

meinheld vulnerable to HTTP Request Smuggling
Moderate: CVE-2020-7658 was published for meinheld (pip), May 24, 2022

ASP.NET Core Denial of Service Vulnerability
High: CVE-2020-1161 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet), May 24, 2022

.NET Core & .NET Framework Denial of Service Vulnerability
High: CVE-2020-1108 was published for Microsoft.NETCore.App (NuGet), May 24, 2022

ChakraCore RCE Vulnerability
High: CVE-2020-1065 was published for Microsoft.ChakraCore (NuGet), May 24, 2022

ChakraCore Remote Code Execution Vulnerability
High: CVE-2020-1037 was published for Microsoft.ChakraCore (NuGet), May 24, 2022

Moodle vulnerable to RCE
High: CVE-2020-10738 was published for moodle/moodle (Composer), May 24, 2022