Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,743
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,989 advisories

Loading
CSRF vulnerability in Jenkins P4 Plugin Moderate
CVE-2020-2141 was published for org.jenkins-ci.plugins:p4 (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Jenkins Logstash Plugin Low
CVE-2020-2143 was published for org.jenkins-ci.plugins:logstash (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Repository Connector Plugin Low
CVE-2020-2149 was published for org.jenkins-ci.plugins:repository-connector (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins P4 Plugin Moderate
CVE-2020-2142 was published for org.jenkins-ci.plugins:p4 (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Timestamper Plugin Moderate
CVE-2020-2137 was published for org.jenkins-ci.plugins:timestamper (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2135 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Arbitrary file write vulnerability in Jenkins Cobertura Plugin Moderate
CVE-2020-2139 was published for org.jenkins-ci.plugins:cobertura (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2134 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
XSS vulnerability in Jenkins Audit Trail Plugin Moderate
CVE-2020-2140 was published for org.jenkins-ci.plugins:audit-trail (Maven) May 24, 2022
NotMyFault
Improper Neutralization of Input During Web Page Generation in Jenkins Git Plugin Moderate
CVE-2020-2136 was published for org.jenkins-ci.plugins:git (Maven) May 24, 2022
Froxlor arbitrary code execution via the database configuration options High
CVE-2020-10235 was published for froxlor/froxlor (Composer) May 24, 2022
Froxlor Information Disclosure Moderate
CVE-2020-10236 was published for froxlor/froxlor (Composer) May 24, 2022
Froxlor Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2020-10237 was published for froxlor/froxlor (Composer) May 24, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection Critical
CVE-2020-9757 was published for nystudio107/craft-seomatic (Composer) May 24, 2022
Cross-site Scripting in Apache Struts Moderate
CVE-2015-2992 was published for org.apache.struts:struts2-core (Maven) May 24, 2022
CardGate Payments plugin for WooCommerce does not validate request origin High
CVE-2020-8819 was published for cardgate/woocommerce (Composer) May 24, 2022
DNN Path Traversal via Zip Slip High
CVE-2020-5187 was published for DotNetNuke.Core (NuGet) May 24, 2022
DNN File Upload Vulnerability Moderate
CVE-2020-5188 was published for DotNetNuke.Core (NuGet) May 24, 2022
DNN XSS Vulnerability Moderate
CVE-2020-5186 was published for DotNetNuke.Core (NuGet) May 24, 2022
Deserialization of Untrusted Data in JYaml Critical
CVE-2020-8441 was published for org.jyaml:jyaml (Maven) May 24, 2022
Silverstripe CSRF Protection Bypass via GraphQL High
CVE-2019-12437 was published for silverstripe/graphql (Composer) May 24, 2022
SilverStripe Denial of Service on flush and development URL tools Moderate
CVE-2019-12246 was published for silverstripe/framework (Composer) May 24, 2022
OpenStack Nova can leak consoleauth token into log files Low
CVE-2015-9543 was published for Nova (pip) May 24, 2022
promise-probe OS command injection vulnerability Critical
CVE-2019-10791 was published for promise-probe (npm) May 24, 2022
component-flatten vulnerable to Prototype Pollution Moderate
CVE-2019-10794 was published for component-flatten (npm) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database