Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,324 advisories

Loading
Integer overflow in the bundled Brotli C library Moderate
CVE-2020-8927 was published for Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm (NuGet) May 24, 2022
ThinkAdmin directory traversal vulnerability High
CVE-2020-25540 was published for zoujingli/thinkadmin (Composer) May 24, 2022
Improper Preservation of Permissions in Apache Struts High
CVE-2019-0233 was published for org.apache.struts:struts2-core (Maven) May 24, 2022
Cookie parsing failure High
CVE-2020-1045 was published for Microsoft.AspNetCore.App (NuGet) May 24, 2022
GeorgeHady skofman1
Tratcher
Signed to Unsigned Conversion Error in Facebook Hermes High
CVE-2020-1913 was published for hermes-engine (npm) May 24, 2022
Out-of-bounds Read and Out-of-bounds Write in Facebook Hermes High
CVE-2020-1912 was published for hermes-engine (npm) May 24, 2022
Access of Resource Using Incompatible Type in Facebook Hermes Critical
CVE-2020-1911 was published for hermes-engine (npm) May 24, 2022
Guard bypass in Eloquent models affecting Laravel illuminate database component High
CVE-2020-24940 was published for illuminate/database (Composer) May 24, 2022
silverstripe-advancedreports vulnerable to XSS Moderate
CVE-2020-25102 was published for silverstripe-australia/advancedreports (Composer) May 24, 2022
xxl-job Multiple cross-site scripting (XSS) vulnerabilities Moderate
CVE-2020-23814 was published for com.xuxueli:xxl-job (Maven) May 24, 2022
xxl-job sensitive data exposure High
CVE-2020-23811 was published for com.xuxueli:xxl-job (Maven) May 24, 2022
Dolibarr Unrestricted Upload of File with Dangerous Type High
CVE-2020-14209 was published for dolibarr/dolibarr (Composer) May 24, 2022
Reflected XSS vulnerability in Jenkins JSGames Plugin High
CVE-2020-2248 was published for org.jenkins-ci.plugins:jsgames (Maven) May 24, 2022
NotMyFault
XSS vulnerability in Jenkins Build Failure Analyzer Plugin High
CVE-2020-2244 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Klocwork Analysis Plugin High
CVE-2020-2247 was published for org.jenkins-ci.plugins:klocwork (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Cadence vManager Plugin High
CVE-2020-2243 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 24, 2022
NotMyFault
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin Moderate
CVE-2020-2250 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) May 24, 2022
NotMyFault
Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin Moderate
CVE-2020-2251 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Valgrind Plugin High
CVE-2020-2245 was published for org.jenkins-ci.plugins:valgrind (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Database Plugin High
CVE-2020-2240 was published for org.jenkins-ci.plugins:database (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Database Plugin Moderate
CVE-2020-2241 was published for org.jenkins-ci.plugins:database (Maven) May 24, 2022
NotMyFault
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin Low
CVE-2020-2239 was published for org.jenkins-ci.plugins:Parameterized-Remote-Trigger (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Valgrind Plugin High
CVE-2020-2246 was published for org.jenkins-ci.plugins:valgrind (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Git Parameter Plugin High
CVE-2020-2238 was published for org.jenkins-ci.tools:git-parameter (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Database Plugin Moderate
CVE-2020-2242 was published for org.jenkins-ci.plugins:database (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database