GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21,517 advisories

SaltStack Salt eauth tokens can be used once after expiration Critical
CVE-2021-3144 was published for salt (pip) May 24, 2022
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument Critical
CVE-2021-3197 was published for salt (pip) May 24, 2022
SaltStack Salt command injection in the Salt-API when using the Salt-SSH client Critical
CVE-2021-3148 was published for salt (pip) May 24, 2022
SaltStack Salt Improper Authentication vulnerability Critical
CVE-2021-25281 was published for salt (pip) May 24, 2022
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod Moderate
CVE-2021-25284 was published for salt (pip) May 24, 2022
SaltStack Salt Server Side Template Injection Critical
CVE-2021-25283 was published for salt (pip) May 24, 2022
SaltStack Salt Directory Traversal vulnerability High
CVE-2021-25282 was published for salt (pip) May 24, 2022
SaltStack Salt Improper Certificate Validation High
CVE-2020-28972 was published for salt (pip) May 24, 2022
SaltStack Salt command injection via a crafted process name High
CVE-2020-28243 was published for salt (pip) May 24, 2022
SaltStack Salt Improper SSL Certificate Validation High
CVE-2020-35662 was published for salt (pip) May 24, 2022
Remote code execution in vscode-npm-script Critical
CVE-2021-26700 was published for vscode-npm-script (npm) May 24, 2022
p-w
.NET Core Remote Code Execution Vulnerability Critical
CVE-2021-24112 was published for System.Drawing.Common (NuGet) May 24, 2022
Denial of service in .NET core Moderate
CVE-2021-1721 was published for Microsoft.NETCore.App (NuGet) May 24, 2022
XSS vulnerability in Jenkins Claim Plugin Moderate
CVE-2021-21619 was published for org.jenkins-ci.plugins:claim (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Active Choices Plugin Moderate
CVE-2021-21616 was published for org.biouno:uno-choice (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Artifact Repository Parameter Plugin Moderate
CVE-2021-21622 was published for io.jenkins.plugins:artifact-repository-parameter (Maven) May 24, 2022
NotMyFault
Support bundles can include user session IDs in Jenkins Support Core Plugin Low
CVE-2021-21621 was published for org.jenkins-ci.plugins:support-core (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Repository Connector Plugin Moderate
CVE-2021-21618 was published for org.jenkins-ci.plugins:repository-connector (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Configuration Slicing Plugin High
CVE-2021-21617 was published for org.jenkins-ci.plugins:configurationslicing (Maven) May 24, 2022
NotMyFault
OpenNMS Horizon RCE via JEXL2 expression High
CVE-2021-3396 was published for org.opennms.features:org.opennms.features.measurements (Maven) May 24, 2022
GramAddict bot uses dependency with reverse tcp backdoor High
CVE-2020-36245 was published for GramAddict (pip) May 24, 2022
Withdrawn Advisory: Insufficient Granularity of Access Control in JSDom Low
CVE-2021-20066 was published for jsdom (npm) May 24, 2022 withdrawn
jhagege
NFStream Local Denial of Service (DoS) Moderate
CVE-2020-25340 was published for nfstream (pip) May 24, 2022
qlib Deserialization of Untrusted Data vulnerability Moderate
CVE-2021-23338 was published for pyqlib (pip) May 24, 2022
Magento Insufficient Session Expiration Moderate
CVE-2021-21031 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API