GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,932 advisories
SnakeYaml Constructor Deserialization Remote Code Execution
High
CVE-2022-1471
was published
for
org.yaml:snakeyaml
(Maven)
Dec 12, 2022
Protobuf Java vulnerable to Uncontrolled Resource Consumption
High
CVE-2022-3510
was published
for
com.google.protobuf:protobuf-java
(Maven)
Dec 12, 2022
Protobuf Java vulnerable to Uncontrolled Resource Consumption
High
CVE-2022-3509
was published
for
com.google.protobuf:protobuf-java
(Maven)
Dec 12, 2022
Stored XSS vulnerability in Jenkins Checkmarx Plugin
High
CVE-2022-46684
was published
for
com.checkmarx.jenkins:checkmarx
(Maven)
Dec 12, 2022
Spring Boot Admins integrated notifier support allows arbitrary code execution
High
CVE-2022-46166
was published
for
de.codecentric:spring-boot-admin
(Maven)
Dec 9, 2022
Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
High
CVE-2022-23496
was published
for
nl.basjes.parse.useragent:yauaa
(Maven)
Dec 8, 2022
TERASOLUNA Server Framework vulnerable to ClassLoader manipulation
High
CVE-2022-43484
was published
for
org.terasoluna.gfw:terasoluna-gfw-common
(Maven)
Dec 5, 2022
Password exposure in H2 Database
High
CVE-2022-45868
was published
for
com.h2database:h2
(Maven)
Nov 23, 2022
TestNG is vulnerable to Path Traversal
High
CVE-2022-4065
was published
for
org.testng:testng
(Maven)
Nov 19, 2022
XXL-JOB vulnerable to Server-Side Request Forgery (SSRF)
High
CVE-2022-43183
was published
for
com.xuxueli:xxl-job-core
(Maven)
Nov 17, 2022
Jenkins Config Rotator Plugin vulnerable to path traversal
High
CVE-2022-45388
was published
for
org.jenkins-ci.main:config-rotator
(Maven)
Nov 16, 2022
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
High
CVE-2022-45401
was published
for
org.jenkins-ci.main:associated-files-plugin
(Maven)
Nov 16, 2022
XXE vulnerability in Jenkins JAPEX Plugin
High
CVE-2022-45400
was published
for
org.jvnet.hudson.plugins:japex
(Maven)
Nov 16, 2022
Jenkins BART Plugin vulnerable to cross-site scripting (XSS)
High
CVE-2022-45387
was published
for
org.jenkins-ci.plugins:bart
(Maven)
Nov 16, 2022
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
High
CVE-2022-45379
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 16, 2022
ProTip!
Advisories are also available from the
GraphQL API