GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21,259 advisories

XXE vulnerability in Jenkins Nerrvana Plugin Moderate
CVE-2020-2298 was published for org.jenkins-ci.plugins:nerrvana-plugin (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Maven Cascade Release Plugin Moderate
CVE-2020-2295 was published for com.barchart.jenkins:maven-release-cascade (Maven) May 24, 2022
NotMyFault
Access token stored in plain text by Jenkins SMS Notification Plugin Low
CVE-2020-2297 was published for com.hoiio.jenkins:sms (Maven) May 24, 2022
NotMyFault
PyroCMS Vulnerable to CSRF Moderate
CVE-2020-25262 was published for pyrocms/pyrocms (Composer) May 24, 2022
PyroCMS Vulnerable to CSRF High
CVE-2020-25263 was published for pyrocms/pyrocms (Composer) May 24, 2022
Stored XSS vulnerability in Jenkins Active Choices Plugin Moderate
CVE-2020-2289 was published for org.biouno:uno-choice (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Active Choices Plugin Moderate
CVE-2020-2290 was published for org.biouno:uno-choice (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Release Plugin Moderate
CVE-2020-2292 was published for org.jenkins-ci.plugins:release (Maven) May 24, 2022
NotMyFault
Incorrect default pattern in Jenkins Audit Trail Plugin Moderate
CVE-2020-2288 was published for org.jenkins-ci.plugins:audit-trail (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Jenkins couchdb-statistics Plugin Low
CVE-2020-2291 was published for org.jenkins-ci.plugins:couchdb-statistics (Maven) May 24, 2022
NotMyFault
Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin High
CVE-2020-2286 was published for org.jenkins-ci.plugins:role-strategy (Maven) May 24, 2022
NotMyFault
Always-Incorrect Control Flow Implementation in Facebook Hermes Critical
CVE-2020-1914 was published for hermes-engine (npm) May 24, 2022
Nsquik troZee
CHaNGeTe mmehtonen-24i bdellegrazie
Arbitrary file read vulnerability in Jenkins Persona Plugin Moderate
CVE-2020-2293 was published for org.jenkins-ci.plugins:persona (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Shared Objects Plugin Moderate
CVE-2020-2296 was published for org.jenkins-ci.plugins:shared-objects (Maven) May 24, 2022
NotMyFault
WEBRick vulnerable to HTTP Request/Response Smuggling High
CVE-2020-25613 was published for webrick (RubyGems) May 24, 2022
Wildfly-OpenSSL memory leak flaw High
CVE-2020-25644 was published for org.wildfly.openssl:wildfly-openssl-natives-parent (Maven) May 24, 2022
Froala WYSIWYG Editor XSS Vulnerability Moderate
CVE-2020-26523 was published for froala/wysiwyg-editor (Composer) May 24, 2022
MantisBT HTML Injection vulnerability Moderate
CVE-2020-25830 was published for mantisbt/mantisbt (Composer) May 24, 2022
dregad
MediaWiki Cross-site Scripting (XSS) vulnerability Moderate
CVE-2020-25814 was published for mediawiki/core (Composer) May 24, 2022
MediaWiki Special:UserRights exposes the existence of hidden users Moderate
CVE-2020-25813 was published for mediawiki/core (Composer) May 24, 2022
MediaWiki Cross-site Scripting (XSS) vulnerability Moderate
CVE-2020-25828 was published for mediawiki/core (Composer) May 24, 2022
OATHAuth extension in MediaWiki is not implementing rate limit High
CVE-2020-25827 was published for mediawiki/core (Composer) May 24, 2022
MediaWiki Cross-site Scripting (XSS) vulnerability Moderate
CVE-2020-25815 was published for mediawiki/core (Composer) May 24, 2022
MediaWiki Cross-site Scripting (XSS) vulnerability Moderate
CVE-2020-25812 was published for mediawiki/core (Composer) May 24, 2022
Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs Moderate
CVE-2020-2285 was published for org.jenkins-ci.plugins:liquibase-runner (Maven) May 24, 2022
NotMyFault