GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20,614 advisories
OHDSI WebAPI vulnerable to SQL Injection
Critical. CVE-2019-15563 was published for org.ohdsi:WebAPI (Maven), May 24, 2022

Spoon Library as used in Fork CMS allows PHP object injection
Critical. CVE-2019-15521 was published for spoon/library (Composer), May 24, 2022

Kimai v2 is vulnerable to Cross-Site Scripting (XSS)
Moderate. CVE-2019-15481 was published for kevinpapst/kimai2 (Composer), May 24, 2022

Bolt Cross-site Scripting (XSS) via a title that is mishandled in the system log
Moderate. CVE-2019-15483 was published for bolt/bolt (Composer), May 24, 2022

Elastic APM agent for Python client CGI proxy redirection flaw
Moderate. CVE-2019-7617 was published for elastic-apm (pip), May 24, 2022

Dolibarr Cross-Site Request Forgery (CSRF)
High. CVE-2019-15062 was published for dolibarr/dolibarr (Composer), May 24, 2022

golang.org/x/net/http vulnerable to a reset flood
High. CVE-2019-9514 was published for golang.org/x/net (Go), May 24, 2022

golang.org/x/net/http vulnerable to ping floods
High. CVE-2019-9512 was published for golang.org/x/net (Go), May 24, 2022

Hashicorp Nomad Access Control Issues
Critical. CVE-2019-12618 was published for github.com/hashicorp/nomad (Go), May 24, 2022

Bagisto CSRF Vulnerability
High. CVE-2019-14933 was published for bagisto/bagisto (Composer), May 24, 2022

OpenStack Nova Server Resource Faults Leak External Exception Details
High. CVE-2019-14433 was published for nova (pip), May 24, 2022

Backpack\CRUD for Laravel XSS Vulnerability
Moderate. CVE-2018-20962 was published for backpack/crud (Composer), May 24, 2022

Relution Enterprise Appstore Publisher Jenkins Plugin contains Cross-Site Request Forgery
Moderate. CVE-2019-10388 was published for org.jenkins-ci.plugins:relution-publisher (Maven), May 24, 2022

Jenkins TestLink Plugin stores credentials in plain text
Low. CVE-2019-10378 was published for org.jenkins-ci.plugins:testlink (Maven), May 24, 2022

Jenkins Simple Travis Pipeline Runner Plugin script sandbox bypass vulnerability
High. CVE-2019-10380 was published for org.jenkins-ci.plugins:simple-travis-runner (Maven), May 24, 2022

Jenkins Google Cloud Messaging Notification Plugin stores credentials in plain text
Moderate. CVE-2019-10379 was published for org.jenkins-ci.plugins:gcm-notification (Maven), May 24, 2022

Jenkins eggplant-plugin Plugin stores credentials in plain text
Moderate. CVE-2019-10385 was published for org.jenkins-ci.plugins:eggplant-plugin (Maven), May 24, 2022

Missing permission check in Jenkins XL TestView Plugin
Moderate. CVE-2019-10387 was published for com.xebialabs.xlt.ci:xltestview-plugin (Maven), May 24, 2022

Cross-site request forgery vulnerability in Jenkins XL TestView Plugin
High. CVE-2019-10386 was published for com.xebialabs.xlt.ci:xltestview-plugin (Maven), May 24, 2022

Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation
Moderate. CVE-2019-10382 was published for org.jenkins-ci.plugins:labmanager (Maven), May 24, 2022

Jenkins Build Pipeline Plugin vulnerable to Cross-site Scripting
Moderate. CVE-2019-10373 was published for org.jenkins-ci.plugins:build-pipeline-plugin (Maven), May 24, 2022

Missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin
Moderate. CVE-2019-10389 was published for org.jenkins-ci.plugins:relution-publisher (Maven), May 24, 2022

Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation
High. CVE-2019-10371 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven), May 24, 2022
ProTip! Advisories are also available from the GraphQL API.