Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20,990 advisories

Loading
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration Low
CVE-2020-2114 was published for org.jenkins-ci.plugins:s3 (Maven) May 24, 2022
NotMyFault
Improper Input Validation in Jenkins Script Security Plugin High
CVE-2020-2110 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0767 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
Podman has Files or Directories Accessible to External Parties Moderate
CVE-2020-1726 was published for github.com/containers/podman (Go) May 24, 2022
tdunlap607
ChakraCore RCE Vulnerability High
CVE-2020-0712 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0710 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0711 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0713 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party Critical
CVE-2019-17268 was published for omniauth-weibo-oauth2 (RubyGems) May 24, 2022
Magento deserialization vulnerability Critical
CVE-2020-3716 was published for magento/community-edition (Composer) May 24, 2022
Magento security bypass vulnerability Critical
CVE-2020-3718 was published for magento/community-edition (Composer) May 24, 2022
Magento stored cross-site scripting vulnerability Moderate
CVE-2020-3715 was published for magento/community-edition (Composer) May 24, 2022
Magento sql injection vulnerability High
CVE-2020-3719 was published for magento/community-edition (Composer) May 24, 2022
Magento stored cross-site scripting vulnerability Moderate
CVE-2020-3758 was published for magento/community-edition (Composer) May 24, 2022
Magento Path Traversal Moderate
CVE-2020-3717 was published for magento/community-edition (Composer) May 24, 2022
XXE vulnerability in Jenkins WebSphere Deployer Plugin High
CVE-2020-2108 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Code Coverage API Plugin Moderate
CVE-2020-2106 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault
Fortify Plugin stored credentials in plain text Moderate
CVE-2020-2107 was published for org.jenkins-ci.plugins:fortify (Maven) May 24, 2022
NotMyFault
Jenkins REST APIs vulnerable to clickjacking Low
CVE-2020-2105 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins High
CVE-2020-2099 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Memory usage graphs accessible to anyone with Overall/Read Moderate
CVE-2020-2104 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Jenkins Diagnostic page exposed session cookies Moderate
CVE-2020-2103 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Jenkins vulnerable to UDP amplification reflection attack Moderate
CVE-2020-2100 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Non-constant time HMAC comparison Moderate
CVE-2020-2102 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Non-constant time comparison of inbound TCP agent connection secret Moderate
CVE-2020-2101 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database