GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,960 advisories

ChakraCore RCE Vulnerability High
CVE-2020-0712 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0710 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0711 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party Critical
CVE-2019-17268 was published for omniauth-weibo-oauth2 (RubyGems) May 24, 2022
Magento deserialization vulnerability Critical
CVE-2020-3716 was published for magento/community-edition (Composer) May 24, 2022
Magento Path Traversal Moderate
CVE-2020-3717 was published for magento/community-edition (Composer) May 24, 2022
Magento stored cross-site scripting vulnerability Moderate
CVE-2020-3715 was published for magento/community-edition (Composer) May 24, 2022
Magento SQL injection vulnerability High
CVE-2020-3719 was published for magento/community-edition (Composer) May 24, 2022
Magento security bypass vulnerability Critical
CVE-2020-3718 was published for magento/community-edition (Composer) May 24, 2022
Magento stored cross-site scripting vulnerability Moderate
CVE-2020-3758 was published for magento/community-edition (Composer) May 24, 2022
XXE vulnerability in Jenkins WebSphere Deployer Plugin High
CVE-2020-2108 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Code Coverage API Plugin Moderate
CVE-2020-2106 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault
Fortify Plugin stored credentials in plain text Moderate
CVE-2020-2107 was published for org.jenkins-ci.plugins:fortify (Maven) May 24, 2022
NotMyFault
Jenkins REST APIs vulnerable to clickjacking Low
CVE-2020-2105 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Jenkins Diagnostic page exposed session cookies Moderate
CVE-2020-2103 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Jenkins vulnerable to UDP amplification reflection attack Moderate
CVE-2020-2100 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Memory usage graphs accessible to anyone with Overall/Read Moderate
CVE-2020-2104 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins High
CVE-2020-2099 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Non-constant time HMAC comparison Moderate
CVE-2020-2102 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Non-constant time comparison of inbound TCP agent connection secret Moderate
CVE-2020-2101 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Typo3 Cross-Site Scripting in Flash component (ELTS) Moderate
CVE-2020-8091 was published for typo3/cms (Composer) May 24, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts Critical
CVE-2020-7995 was published for dolibarr/dolibarr (Composer) May 24, 2022
Dolibarr cross-site scripting (XSS) vulnerability Moderate
CVE-2020-7994 was published for dolibarr/dolibarr (Composer) May 24, 2022
Zenario CMS vulnerable to CRLF injection Moderate
CVE-2015-3154 was published for zendframework/zend-http (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API