GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
111,584 advisories
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux...
High, Unreviewed. CVE-2019-18897 was published May 24, 2022

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB...
High, Unreviewed. CVE-2019-4357 was published May 24, 2022

Cross-site Scripting in Jenkins Autocomplete Parameter Plugin
High. CVE-2022-30970 was published for org.jenkins-ci.plugins:autocomplete-parameter (Maven) May 18, 2022

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and...
High, Unreviewed. CVE-2019-4448 was published May 24, 2022

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and...
High, Unreviewed. CVE-2019-4447 was published May 24, 2022

IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External...
High, Unreviewed. CVE-2019-4513 was published May 24, 2022

Cross-site Scripting in Jenkins vboxwrapper Plugin
High. CVE-2022-30968 was published for org.jenkins-ci.plugins:vboxwrapper (Maven) May 18, 2022

XML External Entity Reference in Jenkins Storable Configs Plugin
High. CVE-2022-30971 was published for org.jvnet.hudson.plugins:storable-configs-plugin (Maven) May 18, 2022

Cross-site Scripting in Jenkins JDK Parameter Plugin
High. CVE-2022-30963 was published for org.jenkins-ci.plugins:JDK_Parameter_Plugin (Maven) May 18, 2022

Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not...
High, Unreviewed. CVE-2014-0592 was published May 17, 2022

cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary...
High, Unreviewed. CVE-2014-2707 was published May 17, 2022

Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google...
High, Unreviewed. CVE-2013-6658 was published May 17, 2022

The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVGAnimateElement.cpp in Blink...
High, Unreviewed. CVE-2013-6654 was published May 17, 2022

Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider...
High, Unreviewed. CVE-2014-0789 was published May 17, 2022

Use-after-free vulnerability in Blink, as used in Google Chrome before 33.0.1750.117, allows...
High, Unreviewed. CVE-2013-6655 was published May 17, 2022

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is...
High, Unreviewed. CVE-2019-4424 was published May 24, 2022

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity...
High, Unreviewed. CVE-2019-4340 was published May 24, 2022

IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners...
High, Unreviewed. CVE-2019-4227 was published May 24, 2022

IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0...
High, Unreviewed. CVE-2019-4433 was published May 24, 2022

An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access...
High, Unreviewed. CVE-2022-41412 was published Nov 30, 2022

In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and...
High, Unreviewed. CVE-2020-36388 was published May 24, 2022

Apache Dolphin Scheduler has insufficiently protected credentials
High. CVE-2022-26885 was published for org.apache.dolphinscheduler:dolphinscheduler-common (Maven) Nov 24, 2022

Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress.
High, Unreviewed. CVE-2022-26366 was published Nov 30, 2022

Use-after-free vulnerability in the web contents implementation in Google Chrome before 33.0.1750...
High, Unreviewed. CVE-2013-6653 was published May 17, 2022

FusionAuth vulnerable to directory traversal attack
High. CVE-2022-45921 was published for io.fusionauth:fusionauth-java-client (Maven) Nov 28, 2022

ProTip! Advisories are also available from the GraphQL API.