GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
21,463 advisories
browsershot local file inclusion vulnerability (Moderate): CVE-2020-7790 was published for spatie/browsershot (Composer) on May 24, 2022
OpenCart Cross-Site Request Forgery (CSRF) (Low): CVE-2020-28838 was published for opencart/opencart (Composer) on May 24, 2022
Information leak in Gerrit (Low): CVE-2020-8920 was published for com.google.gerrit:gerrit-plugin-api (Maven) on May 24, 2022
Azure SDK for Java Security Feature Bypass Vulnerability (High): CVE-2020-16971 was published for com.azure:azure-core-amqp (Maven) on May 24, 2022
Wildfly has a memory leak vulnerability (Moderate): CVE-2020-27822 was published for org.wildfly:wildfly-parent (Maven) on May 24, 2022
Moodle stored Cross-site Scripting (XSS) (Moderate): CVE-2020-25627 was published for moodle/moodle (Composer) on May 24, 2022
Moodle Cross-site Scripting (XSS) (Moderate): CVE-2020-25631 was published for moodle/moodle (Composer) on May 24, 2022
Moodle Denial of Service (High): CVE-2020-25630 was published for moodle/moodle (Composer) on May 24, 2022
Moodle incorrect access control (High): CVE-2020-25629 was published for moodle/moodle (Composer) on May 24, 2022
OpenStack Horizon Open redirect in workflow forms (Moderate): CVE-2020-29565 was published for horizon (pip) on May 24, 2022
snapcraft Access Restriction Bypass (Moderate): CVE-2020-27348 was published for snapcraft (pip) on May 24, 2022
Cabot Cross Site Scripting (XSS) vulnerability via Address column (Moderate): CVE-2020-25449 was published for cabot (pip) on May 24, 2022
EC-CUBE Improper Restriction of Rendered UI Layers or Frames (Moderate): CVE-2020-5679 was published for ec-cube/ec-cube (Composer) on May 24, 2022
EC-CUBE Improper input validation vulnerability (High): CVE-2020-5680 was published for ec-cube/ec-cube (Composer) on May 24, 2022
keyget vulnerable to prototype pollution (Critical): CVE-2020-28272 was published for keyget (npm) on May 24, 2022
Missing permission checks in Jenkins Chaos Monkey Plugin (High): CVE-2020-2322 was published for io.jenkins.plugins:chaos-monkey (Maven) on May 24, 2022
Missing permission checks in Jenkins Chaos Monkey Plugin (Moderate): CVE-2020-2323 was published for io.jenkins.plugins:chaos-monkey (Maven) on May 24, 2022
Jenkins Plugin Installation Manager Tool did not verify plugin downloads (Critical): CVE-2020-2320 was published for io.jenkins.plugin-management:plugin-management-parent-pom (Maven) on May 24, 2022
XXE vulnerability in Jenkins CVS Plugin (High): CVE-2020-2324 was published for org.jenkins-ci.plugins:cvs (Maven) on May 24, 2022
CSRF vulnerability in Jenkins Shelve Project Plugin (High): CVE-2020-2321 was published for org.jenkins-ci.plugins:shelve-project-plugin (Maven) on May 24, 2022
Cross site scripting in Crafter CMS (Moderate): CVE-2017-15682 was published for org.craftercms:crafter-core (Maven) on May 24, 2022
XML injection in Crafter CMS (High): CVE-2017-15683 was published for org.craftercms:crafter-core (Maven) on May 24, 2022
Missing Authorization in Crafter CMS (Moderate): CVE-2017-15680 was published for org.craftercms:crafter-core (Maven) on May 24, 2022
Heketi logs sensitive information (Moderate): CVE-2020-10763 was published for github.com/heketi/heketi (Go) on May 24, 2022
ProTip! Advisories are also available from the GraphQL API.