Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,152
Maven
5,000+
npm
3,816
NuGet
692
pip
3,492
Pub
12
RubyGems
902
Rust
900
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,528 advisories

Loading
Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin Moderate
CVE-2021-21614 was published for org.jenkins-ci.plugins:bumblebee (Maven) May 24, 2022
NotMyFault
Path traversal vulnerability in Jenkins agent names High
CVE-2021-21605 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
git-big-picture Code Execution Critical
CVE-2021-3028 was published for git-big-picture (pip) May 24, 2022
XSS vulnerability in Jenkins TICS Plugin Moderate
CVE-2021-21613 was published for io.jenkins.plugins:tics (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins on new item page Moderate
CVE-2021-21611 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Excessive memory allocation in graph URLs leads to denial of service in Jenkins Moderate
CVE-2021-21607 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Missing permission check for paths with specific prefix in Jenkins Moderate
CVE-2021-21609 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
XSS vulnerability in Jenkins notification bar Moderate
CVE-2021-21603 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Arbitrary file existence check in file fingerprints in Jenkins Moderate
CVE-2021-21606 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Improper handling of REST API XML deserialization errors in Jenkins High
CVE-2021-21604 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins button labels Moderate
CVE-2021-21608 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Arbitrary file read vulnerability in workspace browsers in Jenkins Moderate
CVE-2021-21602 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Cross-Site Request Forgery in JupyterHub Moderate
CVE-2020-36191 was published for jupyterhub (pip) May 24, 2022
ThinkAdmin insecure unserialize vulnerability Critical
CVE-2020-23653 was published for zoujingli/thinkadmin (Composer) May 24, 2022
ASP.NET Core and Visual Studio Denial of Service Vulnerability High
CVE-2021-1723 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) May 24, 2022
skofman1
ClusterLabs crmsh vulnerable to shell code injection High
CVE-2020-35459 was published for crmsh (pip) May 24, 2022
Formstone Vulnerable to Reflected XSS Moderate
CVE-2020-26768 was published for formstone (npm) May 24, 2022
Umbraco CMS vulnerable to stored XSS Moderate
CVE-2020-5809 was published for UmbracoCms.Core (NuGet) May 24, 2022
`net2` invalidly assumes the memory layout of std::net::SocketAddr Moderate
CVE-2020-35919 was published for net2 (Rust) May 24, 2022
Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption Moderate
CVE-2020-35908 was published for futures-util (Rust) May 24, 2022
MutexGuard::map can cause a data race in safe code Moderate
CVE-2020-35905 was published for futures-util (Rust) May 24, 2022
futures_task::waker may cause a use-after-free if used on a type that isn't 'static High
CVE-2020-35906 was published for futures-task (Rust) May 24, 2022
futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer Moderate
CVE-2020-35907 was published for futures-task (Rust) May 24, 2022
dhowden tag panic due to out-of-bounds read Moderate
CVE-2020-29245 was published for github.com/dhowden/tag (Go) May 24, 2022
dhowden tag panic due to out-of-bounds read Moderate
CVE-2020-29244 was published for github.com/dhowden/tag (Go) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database