GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,713 advisories

Jenkins Coverity Plugin vulnerable to cross-site request forgery (CSRF) High
CVE-2022-36920 was published for org.jenkins-ci.plugins:coverity (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins openstack-heat Plugin Moderate
CVE-2022-36911 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
NotMyFault
Missing permission check in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36909 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
Missing permission check in Coverity Plugin allows capturing credentials High
CVE-2022-36921 was published for org.jenkins-ci.plugins:coverity (Maven) Jul 28, 2022
NotMyFault
Jenkins rhnpush-plugin does not perform a permission check in a method implementing form validation Moderate
CVE-2022-36892 was published for org.jenkins-ci.plugins:rhnpush-plugin (Maven) Jul 28, 2022
Missing permission checks in Jenkins openstack-heat Plugin Moderate
CVE-2022-36912 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
NotMyFault
Jenkins Android Signing Plugin allows attackers to check whether attacker-specified file patterns match workspace contents Moderate
CVE-2022-36915 was published for org.jenkins-ci.plugins:android-signing (Maven) Jul 28, 2022
Jenkins Openstack Heat Plugin does not perform permission checks in methods implementing form validation Moderate
CVE-2022-36913 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
Jenkins Google Cloud Backup Plugin allows attackers with Overall/Read permission to request a manual backup. Moderate
CVE-2022-36917 was published for org.jenkins-ci.plugins:google-cloud-backup (Maven) Jul 28, 2022
Jenkins Buckminster Plugin does not perform a permission check in a method implementing form validation Moderate
CVE-2022-36918 was published for org.jenkins-ci.plugins:buckminster (Maven) Jul 28, 2022
Shopware vulnerable to persistent cross site scripting (XSS) in customer module Moderate
CVE-2022-31148 was published for shopware/shopware (Composer) Jul 27, 2022
Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack Moderate
CVE-2022-31109 was published for laminas/laminas-diactoros (Composer) Jul 27, 2022
MaximilianKresse
grapesjs before 0.19.5 vulnerable to Cross-site Scripting Moderate
CVE-2022-21802 was published for grapesjs (npm) Jul 26, 2022
Fava time and filter parameters vulnerable to reflected Cross-site Scripting Moderate
CVE-2022-2514 was published for fava (pip) Jul 26, 2022
Fava vulnerable to Reflected Cross-site Scripting Moderate
CVE-2022-2523 was published for fava (pip) Jul 26, 2022
google-cloudstorage-commands Command Injection vulnerability Critical
CVE-2020-28436 was published for google-cloudstorage-commands (npm) Jul 26, 2022
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2 Critical
CVE-2020-28441 was published for conf-cfg-ini (npm) Jul 26, 2022
deferred-exec Command Injection vulnerability Critical
CVE-2020-28438 was published for deferred-exec (npm) Jul 26, 2022
git-archive vulnerable to Command Injection via exports function High
CVE-2020-28422 was published for git-archive (npm) Jul 26, 2022
ffmpeg-sdk vulnerable to OS Command Injection Critical
CVE-2020-28435 was published for ffmpeg-sdk (npm) Jul 26, 2022
markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped Moderate
CVE-2020-28455 was published for markdown-it-toc (npm) Jul 26, 2022
set-deep-prop Prototype Pollution Critical
CVE-2021-23373 was published for set-deep-prop (npm) Jul 26, 2022
snyk-broker Path Traversal before v4.73.0 Moderate
CVE-2020-7649 was published for snyk-broker (npm) Jul 26, 2022
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath) Critical
CVE-2020-28447 was published for xopen (npm) Jul 26, 2022
ProTip! Advisories are also available from the GraphQL API