GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21,517 advisories

CKEditor 4 ReDoS Vulnerability Moderate
CVE-2021-26271 was published for ckeditor4-dev (npm) May 24, 2022
Buffer overflow in SmallVec::insert_many Critical
CVE-2021-25900 was published for smallvec (Rust) May 24, 2022
tdunlap607
Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins Moderate
CVE-2021-21615 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Async-h1 request smuggling possible with long unread bodies Moderate
CVE-2020-36202 was published for async-h1 (Rust) May 24, 2022
CakePHP allows method override parameters to bypass CSRF checks High
CVE-2020-35239 was published for cakephp/cakephp (Composer) May 24, 2022
ravage84
Feehi CMS vulnerable to Cross-site Scripting in Username Field Moderate
CVE-2020-21146 was published for feehi/cms (Composer) May 24, 2022
Feehi CMS arbitrary file upload vulnerability High
CVE-2020-22643 was published for feehi/cms (Composer) May 24, 2022
Kubernetes Secrets Store CSI Driver plugins arbitrary file write Low
CVE-2020-8567 was published for github.com/Azure/secrets-store-csi-driver-provider-azure (Go) May 24, 2022
Gravity Forms stored Cross-Site Scripting (XSS) vulnerability in the survey feature Moderate
CVE-2020-27852 was published for wp-premium/gravityforms (Composer) May 24, 2022
Gravity Forms stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2020-27850 was published for wp-premium/gravityforms (Composer) May 24, 2022
Gravity Forms stored HTML injection vulnerability Moderate
CVE-2020-27851 was published for wp-premium/gravityforms (Composer) May 24, 2022
Mautic stored Cross-site Scripting (XSS) Critical
CVE-2020-35128 was published for mautic/core (Composer) May 24, 2022
Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin Moderate
CVE-2021-21612 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) May 24, 2022
NotMyFault
Reflected XSS vulnerability in Jenkins markup formatter preview Moderate
CVE-2021-21610 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin Moderate
CVE-2021-21614 was published for org.jenkins-ci.plugins:bumblebee (Maven) May 24, 2022
NotMyFault
Path traversal vulnerability in Jenkins agent names High
CVE-2021-21605 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
git-big-picture Code Execution Critical
CVE-2021-3028 was published for git-big-picture (pip) May 24, 2022
XSS vulnerability in Jenkins TICS Plugin Moderate
CVE-2021-21613 was published for io.jenkins.plugins:tics (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins on new item page Moderate
CVE-2021-21611 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Excessive memory allocation in graph URLs leads to denial of service in Jenkins Moderate
CVE-2021-21607 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Missing permission check for paths with specific prefix in Jenkins Moderate
CVE-2021-21609 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
XSS vulnerability in Jenkins notification bar Moderate
CVE-2021-21603 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Arbitrary file existence check in file fingerprints in Jenkins Moderate
CVE-2021-21606 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Improper handling of REST API XML deserialization errors in Jenkins High
CVE-2021-21604 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins button labels Moderate
CVE-2021-21608 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API