GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,944 advisories
Filter by severity
XXE vulnerability in Rundeck Plugin
High
CVE-2020-2144
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
May 24, 2022
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2151
was published
for
org.jenkins-ci.plugins:quality-gates
(Maven)
May 24, 2022
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2150
was published
for
org.jenkins-ci.plugins:sonar-quality-gates
(Maven)
May 24, 2022
CSRF vulnerability in Mac Plugin
Moderate
CVE-2020-2147
was published
for
fr.edf.jenkins.plugins:mac
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins P4 Plugin
Moderate
CVE-2020-2141
was published
for
org.jenkins-ci.plugins:p4
(Maven)
May 24, 2022
Credentials transmitted in plain text by Repository Connector Plugin
Low
CVE-2020-2149
was published
for
org.jenkins-ci.plugins:repository-connector
(Maven)
May 24, 2022
Credentials transmitted in plain text by Jenkins Logstash Plugin
Low
CVE-2020-2143
was published
for
org.jenkins-ci.plugins:logstash
(Maven)
May 24, 2022
Missing permission checks in Jenkins P4 Plugin
Moderate
CVE-2020-2142
was published
for
org.jenkins-ci.plugins:p4
(Maven)
May 24, 2022
Credentials stored in plain text by Zephyr Enterprise Test Management Plugin
Low
CVE-2020-2145
was published
for
org.jenkins-ci.plugins:zephyr-enterprise-test-management
(Maven)
May 24, 2022
XSS vulnerability in Jenkins Audit Trail Plugin
Moderate
CVE-2020-2140
was published
for
org.jenkins-ci.plugins:audit-trail
(Maven)
May 24, 2022
Arbitrary file write vulnerability in Jenkins Cobertura Plugin
Moderate
CVE-2020-2139
was published
for
org.jenkins-ci.plugins:cobertura
(Maven)
May 24, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins Git Plugin
Moderate
CVE-2020-2136
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Timestamper Plugin
Moderate
CVE-2020-2137
was published
for
org.jenkins-ci.plugins:timestamper
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2135
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2134
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Froxlor arbitrary code execution via the database configuration options
High
CVE-2020-10235
was published
for
froxlor/froxlor
(Composer)
May 24, 2022
Froxlor Information Disclosure
Moderate
CVE-2020-10236
was published
for
froxlor/froxlor
(Composer)
May 24, 2022
Froxlor Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2020-10237
was published
for
froxlor/froxlor
(Composer)
May 24, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection
Critical
CVE-2020-9757
was published
for
nystudio107/craft-seomatic
(Composer)
May 24, 2022
Cross-site Scripting in Apache Struts
Moderate
CVE-2015-2992
was published
for
org.apache.struts:struts2-core
(Maven)
May 24, 2022
CardGate Payments plugin for WooCommerce does not validate request origin
High
CVE-2020-8819
was published
for
cardgate/woocommerce
(Composer)
May 24, 2022
DNN Path Traversal via Zip Slip
High
CVE-2020-5187
was published
for
DotNetNuke.Core
(NuGet)
May 24, 2022
DNN File Upload Vulnerability
Moderate
CVE-2020-5188
was published
for
DotNetNuke.Core
(NuGet)
May 24, 2022
Deserialization of Untrusted Data in JYaml
Critical
CVE-2020-8441
was published
for
org.jyaml:jyaml
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API