GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
298 advisories
rails Cross-site Scripting vulnerability
Moderate
CVE-2011-2197
was published
for
actionpack
(RubyGems)
Oct 24, 2017
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2012-3464
was published
for
activesupport
(RubyGems)
Oct 24, 2017
yajl-ruby gem Denial of Service vulnerability
High
CVE-2017-16516
was published
for
yajl-ruby
(RubyGems)
Nov 28, 2017
Cross-Site Scripting in serve-index
Moderate
CVE-2015-8856
was published
for
serve-index
(npm)
Oct 24, 2017
Missing permission check in Jenkins RocketChat Notifier Plugin
Moderate
CVE-2022-28139
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Mar 30, 2022
Password stored in plain text by Jenkins Nomad Plugin
Moderate
CVE-2021-21681
was published
for
org.jenkins-ci.plugins:nomad
(Maven)
May 24, 2022
Jenkins Plugin Installation Manager Tool did not verify plugin downloads
Critical
CVE-2020-2320
was published
for
io.jenkins.plugin-management:plugin-management-parent-pom
(Maven)
May 24, 2022
Object state limitation has no effect
Critical
GHSA-5x4f-7xgq-r42x
was published
for
ezsystems/ezpublish-kernel
(Composer)
Apr 29, 2022
Cross-Site Scripting in swagger-ui
High
CVE-2016-1000233
was published
for
swagger-ui
(npm)
Sep 1, 2020
AdGuardHome vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-32175
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Oct 11, 2022
Improper Input Validation in multi_xml
High
CVE-2013-0175
was published
for
multi_xml
(RubyGems)
Oct 24, 2017
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Critical
CVE-2020-11059
was published
for
aegir
(npm)
May 27, 2020
Incorrect Authorization in Drupal core
Moderate
CVE-2020-13676
was published
for
drupal/core
(Composer)
Feb 12, 2022
Regular Expression Denial of Service in papaparse
High
GHSA-qvjc-g5vr-mfgr
was published
for
papaparse
(npm)
Sep 4, 2020
Command Injection in node-rules
High
GHSA-8whr-v3gm-w8h9
was published
for
node-rules
(npm)
Sep 3, 2020
Password exposure in ShenYu
High
CVE-2022-23223
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Cross-Site Scripting in diagram-js
Moderate
GHSA-8fw4-xh83-3j6q
was published
for
diagram-js
(npm)
Sep 11, 2020
Use of Uninitialized Resource in smallvec
High
CVE-2018-25023
was published
for
smallvec
(Rust)
Jan 6, 2022
Regular Expression Denial of Service in simple-markdown
Moderate
GHSA-4xf9-pgvv-xx67
was published
for
simple-markdown
(npm)
Sep 3, 2020
Knex.js has a limited SQL injection vulnerability
High
CVE-2016-20018
was published
for
knex
(npm)
Dec 19, 2022
Cross-site scripting in TileServer GL
Moderate
CVE-2020-15500
was published
for
tileserver-gl
(npm)
May 17, 2021
code injection in phpxmlrpc/phpxmlrpc
High
GHSA-3fgr-xjr6-xqm8
was published
for
phpxmlrpc/phpxmlrpc
(Composer)
Nov 28, 2022
API keys stored in plain text by Jenkins Katalon Plugin
Moderate
CVE-2022-43419
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Cross-Site Scripting in @hapi/boom
Moderate
GHSA-2ggq-vfcp-gwhj
was published
for
@hapi/boom
(npm)
Sep 4, 2020
ProTip!
Advisories are also available from the
GraphQL API