GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12,432 advisories
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Low | CVE-2023-46656 was published for igalg.jenkins.plugins:multibranch-scan-webhook-trigger (Maven) | Oct 25, 2023

Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Low | CVE-2023-46660 was published for org.jenkins-ci.plugins:zanata (Maven) | Oct 25, 2023

Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Low | CVE-2023-46658 was published for io.jenkins.plugins:teams-webhook-trigger (Maven) | Oct 25, 2023

Jenkins lambdatest-automation Plugin may expose Credentials access token
Low | CVE-2023-46653 was published for org.jenkins-ci.plugins:lambdatest-automation (Maven) | Oct 25, 2023

Jenkins Gogs Plugin uses non-constant time webhook token comparison
Low | CVE-2023-46657 was published for org.jenkins-ci.plugins:gogs-webhook (Maven) | Oct 25, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is...
Low | Unreviewed | CVE-2023-42857 was published | Oct 25, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is...
Low | Unreviewed | CVE-2023-40405 was published | Oct 25, 2023

A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022....
Low | Unreviewed | CVE-2023-5789 was published | Oct 26, 2023

A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue...
Low | Unreviewed | CVE-2023-5810 was published | Oct 27, 2023

A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the...
Low | Unreviewed | CVE-2023-5811 was published | Oct 27, 2023

Flyte Admin SQL Injection in List Filters
Low | CVE-2023-41891 was published for github.com/flyteorg/flyteadmin (Go) | Oct 27, 2023

In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a...
Low | Unreviewed | CVE-2023-40136 was published | Oct 27, 2023

In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused...
Low | Unreviewed | CVE-2023-40138 was published | Oct 27, 2023

In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images...
Low | Unreviewed | CVE-2023-40135 was published | Oct 27, 2023

In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a...
Low | Unreviewed | CVE-2023-40134 was published | Oct 27, 2023

In multiple locations, there is a possible way to access screenshots due to a confused deputy....
Low | Unreviewed | CVE-2023-40127 was published | Oct 27, 2023

In multiple functions of DialogFillUi.java, there is a possible way to view another user's images...
Low | Unreviewed | CVE-2023-40137 was published | Oct 27, 2023

HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
Low | CVE-2023-5834 was published for github.com/hashicorp/vagrant (Go) | Oct 28, 2023

In Package Manager, there is a possible way to determine whether an app is installed, without...
Low | Unreviewed | CVE-2023-21349 was published | Oct 30, 2023

In Window Manager, there is a possible way to determine whether an app is installed, without...
Low | Unreviewed | CVE-2023-21348 was published | Oct 30, 2023

In Game Manager Service, there is a possible way to determine whether an app is installed,...
Low | Unreviewed | CVE-2023-21345 was published | Oct 30, 2023

In the Device Idle Controller, there is a possible way to determine whether an app is installed,...
Low | Unreviewed | CVE-2023-21346 was published | Oct 30, 2023

Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785...
Low | Unreviewed | CVE-2023-43295 was published | Oct 31, 2023

Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary...
Low | Unreviewed | CVE-2023-37833 was published | Nov 1, 2023

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
Low | Unreviewed | CVE-2023-5893 was published | Nov 1, 2023