GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,960 advisories
Filter by severity
ChakraCore RCE Vulnerability
High
CVE-2020-0710
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-0713
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-0712
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party
Critical
CVE-2019-17268
was published
for
omniauth-weibo-oauth2
(RubyGems)
May 24, 2022
Magento deserialization vulnerability
Critical
CVE-2020-3716
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Path Traversal
Moderate
CVE-2020-3717
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento stored cross-site scripting vulnerability
Moderate
CVE-2020-3715
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento sql injection vulnerability
High
CVE-2020-3719
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento security bypass vulnerability
Critical
CVE-2020-3718
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento stored cross-site scripting vulnerability
Moderate
CVE-2020-3758
was published
for
magento/community-edition
(Composer)
May 24, 2022
XXE vulnerability in Jenkins WebSphere Deployer Plugin
High
CVE-2020-2108
was published
for
org.jenkins-ci.plugins:websphere-deployer
(Maven)
May 24, 2022
Fortify Plugin stored credentials in plain text
Moderate
CVE-2020-2107
was published
for
org.jenkins-ci.plugins:fortify
(Maven)
May 24, 2022
Jenkins REST APIs vulnerable to clickjacking
Low
CVE-2020-2105
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Stored XSS vulnerability in Code Coverage API Plugin
Moderate
CVE-2020-2106
was published
for
io.jenkins.plugins:code-coverage-api
(Maven)
May 24, 2022
Non-constant time comparison of inbound TCP agent connection secret
Moderate
CVE-2020-2101
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Non-constant time HMAC comparison
Moderate
CVE-2020-2102
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Jenkins Diagnostic page exposed session cookies
Moderate
CVE-2020-2103
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Jenkins vulnerable to UDP amplification reflection attack
Moderate
CVE-2020-2100
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
High
CVE-2020-2099
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Memory usage graphs accessible to anyone with Overall/Read
Moderate
CVE-2020-2104
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Typo3 Cross-Site Scripting in Flash component (ELTS)
Moderate
CVE-2020-8091
was published
for
typo3/cms
(Composer)
May 24, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2020-7995
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Dolibarr cross-site scripting (XSS) vulnerability
Moderate
CVE-2020-7994
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Zenario CMS vulnerable to CRLF injection
Moderate
CVE-2015-3154
was published
for
zendframework/zend-http
(Composer)
May 24, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov
High
CVE-2020-7596
was published
for
codecov
(npm)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API