Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,740 advisories

Loading
Typo3 Cross-Site Scripting in Flash component (ELTS) Moderate
CVE-2020-8091 was published for typo3/cms (Composer) May 24, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts Critical
CVE-2020-7995 was published for dolibarr/dolibarr (Composer) May 24, 2022
Dolibarr cross-site scripting (XSS) vulnerability Moderate
CVE-2020-7994 was published for dolibarr/dolibarr (Composer) May 24, 2022
Zenario CMS vulnerable to CRLF injection Moderate
CVE-2015-3154 was published for zendframework/zend-http (Composer) May 24, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov High
CVE-2020-7596 was published for codecov (npm) May 24, 2022
mmcshinsky-bitgo
Plone allows weak passwords High
CVE-2020-7940 was published for Plone (pip) May 24, 2022
Plone SQL Injection Vulnerability High
CVE-2020-7939 was published for Plone (pip) May 24, 2022
Plone cross site scripting (XSS) Moderate
CVE-2020-7937 was published for Plone (pip) May 24, 2022
Plone Open Redirect Vulnerability Moderate
CVE-2020-7936 was published for Plone (pip) May 24, 2022
Plone Privilege Escallation High
CVE-2020-7938 was published for Plone (pip) May 24, 2022
Plone Unauthenticated Write Vulnerability Critical
CVE-2020-7941 was published for Plone (pip) May 24, 2022
Umbraco CMS vulnerable to CSRF Moderate
CVE-2020-7210 was published for UmbracoCMS.Core (NuGet) May 24, 2022
Undertow vulnerable to Uncontrolled Resource Consumption High
CVE-2019-14888 was published for io.undertow:undertow-core (Maven) May 24, 2022
Inconsistent Interpretation of HTTP Requests in Waitress High
CVE-2019-16792 was published for waitress (pip) May 24, 2022
Grin Insufficient Validation High
CVE-2020-6638 was published for grin (Rust) May 24, 2022
papercrop does not properly handle crop input Critical
CVE-2015-2784 was published for papercrop (RubyGems) May 24, 2022
SaltStack Salt is vulnerable to command injection Critical
CVE-2019-17361 was published for salt (pip) May 24, 2022
phpBB allows CSRF Moderate
CVE-2020-5502 was published for phpbb/phpbb (Composer) May 24, 2022
phpBB Cross-Site Request Forgery (CSRF) Moderate
CVE-2020-5501 was published for phpbb/phpbb (Composer) May 24, 2022
Missing permission checks in Health Advisor by CloudBees Plugin Moderate
CVE-2020-2094 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Sounds Plugin allow OS command execution High
CVE-2020-2097 was published for org.jenkins-ci.plugins:sounds (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Sounds Plugin allow OS command execution High
CVE-2020-2098 was published for org.jenkins-ci.plugins:sounds (Maven) May 24, 2022
NotMyFault
Reflected XSS vulnerability in Jenkins gitlab-hook Plugin Moderate
CVE-2020-2096 was published for org.jenkins-ci.ruby-plugins:gitlab-hook (Maven) May 24, 2022
NotMyFault
Redgate SQL Change Automation Plugin stored credentials in plain text Moderate
CVE-2020-2095 was published for com.redgate.plugins.redgatesqlci:redgate-sql-ci (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Robot Framework Plugin High
CVE-2020-2092 was published for org.jenkins-ci.plugins:robot (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database