GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21,144 advisories

NukeViet Cross-Site Request Forgery (CSRF) Moderate
CVE-2020-13156 was published for nukeviet/nukeviet (Composer) May 24, 2022
NukeViet Cross-Site Request Forgery (CSRF) Moderate
CVE-2020-13157 was published for nukeviet/nukeviet (Composer) May 24, 2022
Wildfly Unsafe Deserialization Vulnerability High
CVE-2020-10740 was published for org.wildfly:wildfly-parent (Maven) May 24, 2022
Dolibarr reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2020-14475 was published for dolibarr/dolibarr (Composer) May 24, 2022
EC-CUBE Directory traversal vulnerability High
CVE-2020-5590 was published for ec-cube/ec-cube (Composer) May 24, 2022
Mattermost Server Sensitive Data Exposure Moderate
CVE-2020-14457 was published for github.com/mattermost/mattermost (Go) May 24, 2022
Improper Input Validation in strapi Moderate
CVE-2020-13961 was published for strapi (npm) May 24, 2022
rtslib-fb weak permissions for /etc/target/saveconfig.json file High
CVE-2020-14019 was published for rtslib-fb (pip) May 24, 2022
WooCommerce Cross-Site Request Forgery (CSRF) High
CVE-2019-20891 was published for woocommerce/woocommerce (Composer) May 24, 2022
Dolibarr SQL injection vulnerability in accountancy/customer/card.php High
CVE-2020-14443 was published for dolibarr/dolibarr (Composer) May 24, 2022
OMERO-web Sensitive Data Exposure Moderate
CVE-2020-7932 was published for omero-web (pip) May 24, 2022
MJML vulnerable to path traversal High
CVE-2020-12827 was published for mjml (npm) May 24, 2022
KumbiaPHP Cross-site Scripting Moderate
CVE-2020-14146 was published for kumbiaphp/kumbiapp (Composer) May 24, 2022
OpenStack Mistral DoS High
CVE-2018-16848 was published for mistral (pip) May 24, 2022
Deserialization of Untrusted Data in Spring Batch High
CVE-2020-5411 was published for org.springframework.batch:spring-batch-core (Maven) May 24, 2022
Openstack cinder Improper handling of ScaleIO backend credentials High
CVE-2020-10755 was published for cinder (pip) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-1073 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
OpenCart Cross-site Scripting Moderate
CVE-2020-13980 was published for opencart/opencart (Composer) May 24, 2022
Comments plugin stored Cross-site Scripting via a guest name Moderate
CVE-2020-13869 was published for verbb/comments (Composer) May 24, 2022
Comments plugin Cross-Site Request Forgery (CSRF) Moderate
CVE-2020-13868 was published for verbb/comments (Composer) May 24, 2022
Comments plugin stored Cross-site Scripting (XSS) via an asset volume name Moderate
CVE-2020-13870 was published for verbb/comments (Composer) May 24, 2022
OS command injection vulnerability in Jenkins Play Framework Plugin High
CVE-2020-2200 was published for org.jenkins-ci.plugins:play-autotest-plugin (Maven) May 24, 2022
XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin Moderate
CVE-2020-2199 was published for org.jenkins-ci.plugins:svn-partial-release-mgr (Maven) May 24, 2022
Missing permission check in Jenkins Project Inheritance Plugin Moderate
CVE-2020-2198 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
CSRF vulnerability in Jenkins Swarm Plugin Moderate
CVE-2020-2192 was published for org.jenkins-ci.plugins:swarm (Maven) May 24, 2022