Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,330
Erlang
31
GitHub Actions
21
Go
2,091
Maven
5,000+
npm
3,756
NuGet
678
pip
3,443
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

21,117 advisories

Loading
Grin allows attackers to adversely affect availability of data on a Mimblewimble blockchain Moderate
CVE-2020-12439 was published for grin (Rust) May 24, 2022
Keycloak users may be able to remove MFA from other users' devices Moderate
CVE-2020-10686 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
chrome-launcher subject to OS Command Injection Critical
CVE-2020-7645 was published for chrome-launcher (npm) May 24, 2022
furi0us333
TeamPass PHP arbitrary file include vulnerability High
CVE-2020-12479 was published for nilsteampassnet/teampass (Composer) May 24, 2022
TeamPass files are available without authentication High
CVE-2020-12478 was published for nilsteampassnet/teampass (Composer) May 24, 2022
SaltStack Salt Unauthenticated Remote Code Execution Critical
CVE-2020-11651 was published for salt (pip) May 24, 2022
SaltStack Salt is vulnerable Arbitrary Directory Access High
CVE-2020-11652 was published for salt (pip) May 24, 2022
Grafana information disclosure High
CVE-2020-12458 was published for github.com/grafana/grafana (Go) May 24, 2022
Subrion CMS CSV injection via Export Language High
CVE-2020-12468 was published for intelliants/subrion (Composer) May 24, 2022
Subrion CMS PHP Object Injection Moderate
CVE-2020-12469 was published for intelliants/subrion (Composer) May 24, 2022
Grafana world readable configuration files High
CVE-2020-12459 was published for github.com/grafana/grafana (Go) May 24, 2022
Improper Authorization in Undertoe High
CVE-2020-1745 was published for io.undertow:undertow-core (Maven) May 24, 2022
Grafana XSS in header column rename Moderate
CVE-2020-12245 was published for github.com/grafana/grafana (Go) May 24, 2022
Improper Input Validation in Undertow High
CVE-2020-1757 was published for io.undertow:undertow-core (Maven) May 24, 2022
yawkat
Diavante vue-storefront-api and storefront-api disclose stack trace Moderate
CVE-2020-11883 was published for storefront-api (npm) May 24, 2022
RCE vulnerability in Jenkins AWS SAM Plugin High
CVE-2020-2180 was published for io.jenkins.plugins:aws-sam (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Parasoft Findings Plugin High
CVE-2020-2178 was published for com.parasoft:parasoft-findings (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Jenkins Copr Plugin Moderate
CVE-2020-2177 was published for org.fedoraproject.jenkins.plugins:copr (Maven) May 24, 2022
NotMyFault
Dolibarr Cross-Site Request Forgery Vulnerability High
CVE-2020-11825 was published for dolibarr/dolibarr (Composer) May 24, 2022
Dolibarr stored Cross-site Scripting vulnerability Moderate
CVE-2020-11823 was published for dolibarr/dolibarr (Composer) May 24, 2022
RCE vulnerability in Jenkins Yaml Axis Plugin High
CVE-2020-2179 was published for org.jenkins-ci.plugins:yaml-axis (Maven) May 24, 2022
NotMyFault
SilverStripe Folders migrated from 3.x may be unsafe to upload to High
CVE-2020-9280 was published for silverstripe/assets (Composer) May 24, 2022
ChakraCore Remote Code Execution Vulnerability High
CVE-2020-0970 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0969 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
Argo Exposure of Sensitive Information Moderate
CVE-2018-21034 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database