GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,857
NuGet
696
pip
3,639
Pub
12
RubyGems
912
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+
21,908 advisories
Filter by severity
Ansible Code Injection Vulnerability
Critical
CVE-2014-4678
was published
for
ansible
(pip)
May 24, 2022
net-ldap has weak salt when generating passwords
Moderate
CVE-2014-0083
was published
for
net-ldap
(RubyGems)
May 24, 2022
bson-objectid contains Improper input validation
High
CVE-2019-19729
was published
for
bson-objectid
(npm)
May 24, 2022
Pebble Templates Improper Input Validation vulnerability
Critical
CVE-2019-19899
was published
for
io.pebbletemplates:pebble-project
(Maven)
May 24, 2022
XSS in Ignite Realtime Openfire via isTrustStore
Moderate
CVE-2019-20366
was published
for
org.igniterealtime.openfire:parent
(Maven)
May 24, 2022
Istio vulnerable to denial of service
High
CVE-2019-18817
was published
for
istio.io/istio
(Go)
May 24, 2022
HornetQ REST vulnerable to Improper Restriction of XML External Entity Reference
Moderate
CVE-2014-3599
was published
for
org.hornetq.rest:hornetq-rest
(Maven)
May 24, 2022
Improper Verification of Cryptographic Signature in matrix-synapse
High
CVE-2019-18835
was published
for
matrix-synapse
(pip)
May 24, 2022
Magento remote code execution vulnerability
High
CVE-2019-8154
was published
for
magento/community-edition
(Composer)
May 24, 2022
Play Framework Inadequate Encryption Strength vulnerability
High
CVE-2019-17598
was published
for
com.typesafe.play:play-ws_2.12
(Maven)
May 24, 2022
Magento Broken authentication and session managememt
Critical
CVE-2019-8149
was published
for
magento/community-edition
(Composer)
May 24, 2022
Numpy Deserialization of Untrusted Data
Critical
CVE-2019-6446
was published
for
numpy
(pip)
May 24, 2022
Cross-site Scripting in Bootstrap-3-Typeahead
Moderate
CVE-2019-10215
was published
for
bassjobsen/bootstrap-3-typeahead
(Composer)
May 24, 2022
TeamPass Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2019-16904
was published
for
nilsteampassnet/teampass
(Composer)
May 24, 2022
Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form
High
CVE-2019-10428
was published
for
org.jenkins-ci.plugins:aqua-security-scanner
(Maven)
May 24, 2022
Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form
Moderate
CVE-2019-10427
was published
for
org.jenkins-ci.plugins:aqua-microscanner
(Maven)
May 24, 2022
Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text
Moderate
CVE-2019-10430
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
May 24, 2022
Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin
Moderate
CVE-2019-10407
was published
for
hudson.plugins:project-inheritance
(Maven)
May 24, 2022
Jenkins Gem Publisher Plugin stores credentials as plaintext
Moderate
CVE-2019-10426
was published
for
net.arangamani.jenkins:gem-publisher
(Maven)
May 24, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins
Moderate
CVE-2019-10406
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Jenkins GitLab Logo Plugin stores credentials unencrypted
Moderate
CVE-2019-10429
was published
for
org.jenkins-ci.plugins:gitlab-logo
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API