GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21,528 advisories

Magento OS command injection via the WebAPI Critical
CVE-2021-21016 was published for magento/community-edition (Composer) May 24, 2022
insert_slice_clone can double drop if Clone panics. Moderate
CVE-2021-26954 was published for qwutils (Rust) May 24, 2022
Insertion of Sensitive Information into Log File in Elasticsearch Moderate
CVE-2020-7021 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Incorrect Default Permissions in JetBrains Kotlin Moderate
CVE-2020-29582 was published for org.jetbrains.kotlin:kotlin-stdlib (Maven) May 24, 2022
Moodle Vulnerable to Reflected Cross-site Scripting Moderate
CVE-2021-20183 was published for moodle/moodle (Composer) May 24, 2022
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration High
CVE-2021-20187 was published for moodle/moodle (Composer) May 24, 2022
Moodle Grade information disclosure in grade's external fetch functions Moderate
CVE-2021-20184 was published for moodle/moodle (Composer) May 24, 2022
Moodle Cross-site Scripting Moderate
CVE-2021-20186 was published for moodle/moodle (Composer) May 24, 2022
Moodle Client side denial of service via personal message Moderate
CVE-2021-20185 was published for moodle/moodle (Composer) May 24, 2022
Codiad Vulnerable to PHP Magic Hash Vulnerability High
CVE-2020-23355 was published for codiad/codiad (Composer) May 24, 2022
Zen Cart vulnerable to authenticated remote code execution High
CVE-2021-3291 was published for zencart/zencart (Composer) May 24, 2022
CKEditor 4 ReDoS Vulnerability Moderate
CVE-2021-26271 was published for ckeditor4-dev (npm) May 24, 2022
Buffer overflow in SmallVec::insert_many Critical
CVE-2021-25900 was published for smallvec (Rust) May 24, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins Moderate
CVE-2021-21615 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
Async-h1 request smuggling possible with long unread bodies Moderate
CVE-2020-36202 was published for async-h1 (Rust) May 24, 2022
CakePHP allows method override parameters to bypass CSRF checks High
CVE-2020-35239 was published for cakephp/cakephp (Composer) May 24, 2022
Feehi CMS vulnerable to Cross-site Scripting in Username Field Moderate
CVE-2020-21146 was published for feehi/cms (Composer) May 24, 2022
Feehi CMS arbitrary file upload vulnerability High
CVE-2020-22643 was published for feehi/cms (Composer) May 24, 2022
Kubernetes Secrets Store CSI Driver plugins arbitrary file write Low
CVE-2020-8567 was published for github.com/Azure/secrets-store-csi-driver-provider-azure (Go) May 24, 2022
Gravity Forms stored Cross-Site Scripting (XSS) vulnerability in the survey feature Moderate
CVE-2020-27852 was published for wp-premium/gravityforms (Composer) May 24, 2022
Gravity Forms stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2020-27850 was published for wp-premium/gravityforms (Composer) May 24, 2022
Gravity Forms stored HTML injection vulnerability Moderate
CVE-2020-27851 was published for wp-premium/gravityforms (Composer) May 24, 2022
Mautic stored Cross-site Scripting (XSS) Critical
CVE-2020-35128 was published for mautic/core (Composer) May 24, 2022
Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin Moderate
CVE-2021-21612 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) May 24, 2022
Reflected XSS vulnerability in Jenkins markup formatter preview Moderate
CVE-2021-21610 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API