GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,296; Erlang 31; GitHub Actions 21; Go 2,063; Maven 5,000+; npm 3,744; NuGet 668; pip 3,424; Pub 12; RubyGems 892; Rust 875; Swift 36
Unreviewed advisories: All unreviewed 5,000+
20,996 advisories
RCE vulnerability in Jenkins Azure Container Service Plugin
High. CVE-2020-2168 was published for org.jenkins-ci.plugins:azure-acs (Maven) May 24, 2022

XXE vulnerability in Jenkins RapidDeploy Plugin
High. CVE-2020-2171 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven) May 24, 2022

Improper Neutralization of Input During Web Page Generation in Jenkins
Moderate. CVE-2020-2162 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022

Improper Neutralization of Input During Web Page Generation in Jenkins
Moderate. CVE-2020-2163 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022

Cross-Site Request Forgery in Jenkins
High. CVE-2020-2160 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022

Improper Neutralization of Input During Web Page Generation in Jenkins
Moderate. CVE-2020-2161 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022

Stored XSS vulnerability in Jenkins RapidDeploy Plugin
Moderate. CVE-2020-2170 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven) May 24, 2022

RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin
High. CVE-2020-2166 was published for de.taimos:pipeline-aws (Maven) May 24, 2022

RCE vulnerability in Jenkins OpenShift Pipeline Plugin
High. CVE-2020-2167 was published for com.openshift.jenkins:openshift-pipeline (Maven) May 24, 2022

Passwords transmitted in plain text by Jenkins Artifactory Plugin
Low. CVE-2020-2165 was published for org.jenkins-ci.plugins:artifactory (Maven) May 24, 2022

Passwords stored in plain text by Jenkins Artifactory Plugin
Low. CVE-2020-2164 was published for org.jenkins-ci.plugins:artifactory (Maven) May 24, 2022

CodeIgniter Improper Privilege Management
High. CVE-2020-10793 was published for codeigniter4/framework (Composer) May 24, 2022

AutoUpdater.NET allows XXE
Critical. CVE-2019-20627 was published for Autoupdater.NET.Official (NuGet) May 24, 2022

phpMyAdmin SQL Injection
High. CVE-2020-10804 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022

eZ Publish Kernel and Legacy Unrestricted Upload of File with Dangerous Type
Critical. CVE-2020-10806 was published for ezsystems/ezpublish-kernel (Composer) May 24, 2022

phpMyAdmin SQL injection vulnerability
High. CVE-2020-10802 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022

phpMyAdmin SQL injection vulnerability
Moderate. CVE-2020-10803 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022

Deserialization of Untrusted Data in Liferay Portal
Critical. CVE-2020-7961 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) May 24, 2022

phpBB arbitrary CSS injection
High. CVE-2019-16108 was published for phpbb/phpbb (Composer) May 24, 2022

Ignite Realtime Openfire allows Cross-site Scripting
Moderate. CVE-2019-20525 was published for org.igniterealtime.openfire:parent (Maven) May 24, 2022

Ignite Realtime Openfire allows Cross-site Scripting
Moderate. CVE-2019-20526 was published for org.igniterealtime.openfire:parent (Maven) May 24, 2022

Ignite Realtime Openfire allows Cross-site Scripting
Moderate. CVE-2019-20527 was published for org.igniterealtime.openfire:parent (Maven) May 24, 2022

Ignite Realtime Openfire allows Cross-site Scripting
Moderate. CVE-2019-20528 was published for org.igniterealtime.openfire:xmppserver (Maven) May 24, 2022

Moodle XSS Vulnerability
Moderate. CVE-2019-14881 was published for moodle/moodle (Composer) May 24, 2022

Moodle reflected Cross-site Scripting (XSS)
Moderate. CVE-2019-14884 was published for moodle/moodle (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API.