GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

460 advisories

DNS based denial of service in Apache Wicket High
CVE-2021-23937 was published for org.apache.wicket:wicket-core (Maven) May 24, 2022
raboof
Path traversal vulnerability in Jenkins agent names High
CVE-2021-21605 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
EC-CUBE Improper input validation vulnerability High
CVE-2020-5680 was published for ec-cube/ec-cube (Composer) May 24, 2022
ASP.NET Core Denial of Service Vulnerability High
CVE-2020-1597 was published for Microsoft.AspNetCore.All (NuGet) May 24, 2022
ASP.NET Core Denial of Service Vulnerability High
CVE-2020-1161 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) May 24, 2022
Moodle vulnerable to RCE High
CVE-2020-10738 was published for moodle/moodle (Composer) May 24, 2022
SaltStack Salt is vulnerable to Arbitrary Directory Access High
CVE-2020-11652 was published for salt (pip) May 24, 2022
Improper Input Validation in Undertow High
CVE-2020-1757 was published for io.undertow:undertow-core (Maven) May 24, 2022
yawkat
Improper Verification of Cryptographic Signature in Apache Netbeans High
CVE-2019-17561 was published for org.codehaus.mevenide:netbeans (Maven) May 24, 2022
RCE vulnerability in Jenkins Azure Container Service Plugin High
CVE-2020-2168 was published for org.jenkins-ci.plugins:azure-acs (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin High
CVE-2020-2166 was published for de.taimos:pipeline-aws (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins OpenShift Pipeline Plugin High
CVE-2020-2167 was published for com.openshift.jenkins:openshift-pipeline (Maven) May 24, 2022
NotMyFault
Froxlor arbitrary code execution via the database configuration options High
CVE-2020-10235 was published for froxlor/froxlor (Composer) May 24, 2022
Improper Input Validation in Jenkins Pipeline: Groovy Plugin High
CVE-2020-2109 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 24, 2022
Improper Input Validation in Jenkins Script Security Plugin High
CVE-2020-2110 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
Grin Insufficient Validation High
CVE-2020-6638 was published for grin (Rust) May 24, 2022
Remote code execution in Microsoft.WindowsDesktop.App.Ref High
CVE-2020-0606 was published for Microsoft.WindowsDesktop.App.Ref (NuGet) May 24, 2022
skofman1
Magento arbitrary PHP code execution via the productData parameter High
CVE-2015-6497 was published for magento/core (Composer) May 24, 2022
Ansible password prompts could expose passwords High
CVE-2019-10206 was published for ansible (pip) May 24, 2022
tdunlap607
Cezerin Unauthorized Access High
CVE-2019-18608 was published for cezerin (npm) May 24, 2022
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-7885 was published for magento/community-edition (Composer) May 24, 2022
mastercactapus proxyprotocol vulnerable to denial of service High
CVE-2019-14243 was published for github.com/mastercactapus/proxyprotocol (Go) May 24, 2022
Improper Input Validation in Apache Kafka High
CVE-2018-17196 was published for org.apache.kafka:kafka (Maven) May 24, 2022
phpBB Denial of Service High
CVE-2019-9826 was published for phpbb/phpbb (Composer) May 24, 2022
Drools Improper Input Validation vulnerability allows remote attackers to execute arbitrary code in JBoss EAP High
CVE-2010-3708 was published for org.drools:drools-core (Maven) May 17, 2022