GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,238
Erlang: 31
GitHub Actions: 21
Go: 2,005
Maven: 5,000+
npm: 3,716
NuGet: 662
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
20,737 advisories
Yii SQL injection vulnerability
Critical: CVE-2018-7269 was published for yiisoft/yii2-dev (Composer) on May 24, 2022
Dolibarr Cross-site Scripting via outgoing email setup feature
Moderate: CVE-2019-17576 was published for dolibarr/dolibarr (Composer) on May 24, 2022
Dolibarr Cross-site Scripting via outgoing email setup feature
Moderate: CVE-2019-17577 was published for dolibarr/dolibarr (Composer) on May 24, 2022
Dolibarr Cross-site Scripting vulnerability
Moderate: CVE-2019-17578 was published for dolibarr/dolibarr (Composer) on May 24, 2022
sr_freecap for Typo3 RCE Vulnerability
Critical: CVE-2019-16699 was published for sjbr/sr-freecap (Composer) on May 24, 2022
Dolibarr ERP and CRM HTML Injection
Moderate: CVE-2019-17223 was published for dolibarr/dolibarr (Composer) on May 24, 2022
slub_events for Typo3 Arbitrary File Upload
Critical: CVE-2019-16700 was published for slub/slub-events (Composer) on May 24, 2022
url_redirect for Typo3 SQLi Vulnerability
High: CVE-2019-16682 was published for sfroemken/url_redirect (Composer) on May 24, 2022
direct_mail for Typo3 sensitive data exposure
Moderate: CVE-2019-16698 was published for directmailteam/direct-mail (Composer) on May 24, 2022
Mulesoft Mule Unsafe Deserialization
Critical: CVE-2019-13116 was published for org.mule.runtime:mule (Maven) on May 24, 2022
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Critical: CVE-2019-10458 was published for org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline (Maven) on May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Low: CVE-2019-10450 was published for com.elasticbox.jenkins-ci.plugins:elasticbox (Maven) on May 24, 2022
Jenkins Fortify on Demand Plugin stores credentials in plain text
Moderate: CVE-2019-10449 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) on May 24, 2022
Missing permission check in Jenkins Rundeck Plugin
Moderate: CVE-2019-10455 was published for org.jenkins-ci.plugins:rundeck (Maven) on May 24, 2022
Jenkins Delphix Plugin vulnerable to Cleartext credential storage
High: CVE-2019-10453 was published for org.jenkins-ci.plugins:delphix (Maven) on May 24, 2022
Jenkins Oracle Cloud Infrastructure Compute Classic Plugin cross-site request forgery vulnerability
Moderate: CVE-2019-10456 was published for org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute-classic (Maven) on May 24, 2022
Missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin
Moderate: CVE-2019-10457 was published for org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute-classic (Maven) on May 24, 2022
Jenkins Rundeck Plugin CSRF vulnerability
Moderate: CVE-2019-10454 was published for org.jenkins-ci.plugins:rundeck (Maven) on May 24, 2022
Jenkins SOASTA CloudTest Plugin stores API token in plain text
Moderate: CVE-2019-10451 was published for com.soasta.jenkins:cloudtest (Maven) on May 24, 2022
Jenkins View26 Test-Reporting Plugin stores access token in plain text
Moderate: CVE-2019-10452 was published for org.jenkins-ci.plugins:view26 (Maven) on May 24, 2022
Jenkins NeoLoad Plugin stores credentials in cleartext
High: CVE-2019-10440 was published for org.jenkins-ci.plugins:neoload-jenkins-plugin (Maven) on May 24, 2022
Missing permission checks in Google Kubernetes Engine Jenkins Plugin
Moderate: CVE-2019-10445 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) on May 24, 2022
Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery
Moderate: CVE-2019-10441 was published for org.jenkins-ci.plugins:icescrum (Maven) on May 24, 2022
Jenkins iceScrum Plugin vulnerable to Missing Authorization
Moderate: CVE-2019-10442 was published for org.jenkins-ci.plugins:icescrum (Maven) on May 24, 2022
ProTip! Advisories are also available from the GraphQL API.