GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,726 advisories
Filter by severity
Ansible leaks sensitive information to logs when told not to
Moderate
CVE-2019-14858
was published
for
ansible
(pip)
May 24, 2022
Craft CMS XSS Vulnerability
Moderate
CVE-2019-17496
was published
for
craftcms/cms
(Composer)
May 24, 2022
z-song laravel-admin XSS via the Slug or Name on the Roles screen
Moderate
CVE-2019-17433
was published
for
encore/laravel-admin
(Composer)
May 24, 2022
koji hub allows arbitrary upload destinations
High
CVE-2019-17109
was published
for
koji
(pip)
May 24, 2022
OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Critical
CVE-2019-17134
was published
for
octavia
(pip)
May 24, 2022
Centreon Does Not Set HTTPOnly Flag
High
CVE-2019-17104
was published
for
centreon/centreon
(Composer)
May 24, 2022
Centreon Sensitive Data Exposure
Moderate
CVE-2019-17106
was published
for
centreon/centreon
(Composer)
May 24, 2022
Ansible Uses Plugins That Disclose Credentials
High
CVE-2019-14846
was published
for
ansible
(pip)
May 24, 2022
Centreon Privilege Escalation
Critical
CVE-2018-21025
was published
for
centreon/centreon
(Composer)
May 24, 2022
TeamPass Stored Cross-site Scripting
Moderate
CVE-2019-17205
was published
for
nilsteampassnet/teampass
(Composer)
May 24, 2022
TeamPass Stored Cross-site Scripting
Moderate
CVE-2019-17204
was published
for
nilsteampassnet/teampass
(Composer)
May 24, 2022
TeamPass Stored Cross-site Scripting
Moderate
CVE-2019-17203
was published
for
nilsteampassnet/teampass
(Composer)
May 24, 2022
wolfCrypt leaks cryptographic information via timing side channel
Moderate
CVE-2019-13628
was published
for
wolfcrypt
(pip)
May 24, 2022
Cross-site Scripting in Eclipse Mojarra
Moderate
CVE-2019-17091
was published
for
org.glassfish:jakarta.faces
(Maven)
May 24, 2022
Cargo prior to Rust 1.26.0 may download the wrong dependency
High
CVE-2019-16760
was published
for
cargo
(Rust)
May 24, 2022
Cleartext Transmission of Sensitive Information in Apache MINA
High
CVE-2019-0231
was published
for
org.apache.mina:mina-core
(Maven)
May 24, 2022
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
Critical
CVE-2019-10202
was published
for
org.codehaus.jackson:jackson-mapper-asl
(Maven)
May 24, 2022
Improper Control of Generation of Code in Jenkins Script Security Plugin
Critical
CVE-2019-10431
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Jenkins LDAP Email Plugin shows plain text password in configuration form
Low
CVE-2019-10434
was published
for
com.mtvi.plateng.hudson:ldapemail
(Maven)
May 24, 2022
DingTalk Plugin stores credentials in plain text
Low
CVE-2019-10433
was published
for
io.jenkins.plugins:dingding-notifications
(Maven)
May 24, 2022
Jenkins SourceGear Vault plugin transmits credentials in plain text
High
CVE-2019-10435
was published
for
org.jenkins-ci.plugins:vault-scm-plugin
(Maven)
May 24, 2022
Jenkins HTML Publisher Plugin vulnerable to Cross-site Scripting
Moderate
CVE-2019-10432
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
May 24, 2022
phpBB Cross-Site Request Forgery (CSRF)
High
CVE-2019-16993
was published
for
phpbb/phpbb
(Composer)
May 24, 2022
Dolibarr stored Cross-site Scripting vulnerability
Moderate
CVE-2019-16685
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Dolibarr Cross-site Scripting in a User Note section
Moderate
CVE-2019-16686
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API