GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,707 advisories

Nokogiri implementation of libxslt vulnerable to heap corruption High
CVE-2019-5815 was published for nokogiri (RubyGems) May 24, 2022
Modoboa is vulnerable to an XML External Entity Injection (XXE) High
CVE-2019-19702 was published for modoboa-dmarc (pip) May 24, 2022
OpenStack Keystone Credential Leakage High
CVE-2019-19687 was published for keystone (pip) May 24, 2022
phpMyAdmin unsanitized Git information Critical
CVE-2019-19617 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022
GitBook allows Cross-site Scripting via a local .md file. Moderate
CVE-2019-19596 was published for gitbook (npm) May 24, 2022
Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access Moderate
CVE-2019-11255 was published for github.com/kubernetes-csi/external-provisioner (Go) May 24, 2022
Keycloak Authentication Error Critical
CVE-2019-14910 was published for org.keycloak:keycloak-parent (Maven) May 24, 2022
Keycloak Authentication Error High
CVE-2019-14909 was published for org.keycloak:keycloak-parent (Maven) May 24, 2022
Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite Low
CVE-2016-1000021 was published for cli (npm) May 24, 2022 withdrawn
FreeIPA logs passwords embedded in commands in calls using batch Moderate
CVE-2019-10195 was published for freeipa (pip) May 24, 2022
Dolibarr ERP and CRM contain XSS Vulnerability Moderate
CVE-2019-19206 was published for dolibarr/dolibarr (Composer) May 24, 2022
Ansible password prompts could expose passwords High
CVE-2019-14856 was published for ansible (pip) May 24, 2022
Katello cleartext password storage issue Low
CVE-2019-14825 was published for katello (RubyGems) May 24, 2022
Cross-site Scripting in RabbitMQ Low
CVE-2019-11291 was published for rabbit_common (Erlang) May 24, 2022
Pivotal RabbitMQ is vulnerable to a denial of service attack High
CVE-2019-11287 was published for RabbitMQ (Erlang) May 24, 2022
Use of Externally-Controlled Input to Select Classes or Code in Infinispan High
CVE-2019-10174 was published for org.infinispan:infinispan-core (Maven) May 24, 2022
Pagekit File Upload vulnerability High
CVE-2019-19013 was published for pagekit/pagekit (Composer) May 24, 2022
Designate does not enforce the DNS protocol limit concerning record set sizes Moderate
CVE-2015-5694 was published for designate (pip) May 24, 2022
Ansible password prompts could expose passwords High
CVE-2019-10206 was published for ansible (pip) May 24, 2022
Plaintext Storage in Jenkins Spira Importer Plugin Low
CVE-2019-16543 was published for com.inflectra.spiratest.plugins:inflectra-spira-integration (Maven) May 24, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin Moderate
CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
Jenkins Google Compute Engine Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2019-16548 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
Jenkins Google Compute Engine Plugin Missing Authorization vulnerability Moderate
CVE-2019-16547 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
Jenkins QMetry for JIRA Plugin shows plain text password in configuration form Low
CVE-2019-16545 was published for org.jenkins-ci.plugins:qmetry-for-jira-test-management (Maven) May 24, 2022
Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files High
CVE-2019-16540 was published for org.jenkins-ci.plugins:support-core (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API