GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21,558 advisories

Drupal Core Access bypass vulnerability Critical
CVE-2020-13665 was published for drupal/core (Composer) May 24, 2022
Drupal Core Arbitrary PHP code execution vulnerability High
CVE-2020-13664 was published for drupal/core (Composer) May 24, 2022
jquery-plugin-query-object contains prototype pollution vulnerability High
CVE-2021-20083 was published for jquery-query-object (npm) May 24, 2022
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module High
CVE-2020-7385 was published for metasploit-framework (RubyGems) May 24, 2022
jasnow
Command Injection in SaltStack Salt High
CVE-2021-31607 was published for salt (pip) May 24, 2022
Remote code execution vulnerability in Jenkins Templating Engine Plugin High
CVE-2021-21646 was published for org.jenkins-ci.plugins:templating-engine (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs Moderate
CVE-2021-21645 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin High
CVE-2021-21642 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds Moderate
CVE-2021-21647 was published for org.jenkins-ci.plugins:electricflow (Maven) May 24, 2022
NotMyFault westonsteimel
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs Moderate
CVE-2021-21643 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files Moderate
CVE-2021-21644 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
HashiCorp Consul Cross-site Scripting vulnerability Moderate
CVE-2020-25864 was published for github.com/hashicorp/consul (Go) May 24, 2022
Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio High
GHSA-jwpw-q68h-r678 was published for dio (Pub) May 24, 2022 withdrawn
AlexV525
Cross Site Scripting (XSS) in LavaLite 5.8.0 Moderate
CVE-2020-28124 was published for lavalite/cms (Composer) May 24, 2022
Improper Privilege Management in Azure ms-rest-nodeauth High
CVE-2021-28458 was published for @azure/ms-rest-nodeauth (npm) May 24, 2022
MongoDB Tools Improper Certificate Validation vulnerability Moderate
CVE-2020-7924 was published for github.com/mongodb/mongo-tools (Go) May 24, 2022
Wikimedia Parsoid vulnerable to Cross-site Scripting (XSS) Moderate
CVE-2021-30458 was published for wikimedia/parsoid (Composer) May 24, 2022
Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin High
CVE-2021-22510 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin Moderate
CVE-2021-22511 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Micro Focus Application Automation Tools Plugin Moderate
CVE-2021-22512 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
Missing permission checks in Micro Focus Application Automation Tools Plugin Moderate
CVE-2021-22513 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
subrion CMS Cross Site Scripting (XSS) vulnerability Moderate
CVE-2020-23761 was published for intelliants/subrion (Composer) May 24, 2022
Lack of type validation in agent related REST API in Jenkins Moderate
CVE-2021-21639 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins promoted builds Plugin Moderate
CVE-2021-21641 was published for org.jenkins-ci.plugins:promoted-builds (Maven) May 24, 2022
NotMyFault
View name validation bypass in Jenkins Moderate
CVE-2021-21640 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API