Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27,557 advisories

Loading
Open redirect in Apache Shiro Moderate
CVE-2023-46750 was published for org.apache.shiro:shiro-web (Maven) Dec 14, 2023
Cube API denial of service attack Moderate
CVE-2023-50709 was published for @cubejs-backend/api-gateway (npm) Dec 13, 2023
Insecure Direct Object Reference in extension "Content Consent" (content_consent) Moderate
CVE-2023-50462 was published for t3s/content-consent (Composer) Dec 13, 2023
Broken Access Control in extension "femanager" Moderate
CVE-2023-50459 was published for in2code/femanager (Composer) Dec 13, 2023
Configuration Injection in extension "Direct Mail" (direct_mail) High
CVE-2023-50461 was published for directmailteam/direct-mail (Composer) Dec 13, 2023
Denial of service caused by infinite recursion when parsing SVG images Moderate
CVE-2023-50262 was published for dompdf/dompdf (Composer) Dec 13, 2023
cod3beat Credited to cod3beat
Out of memory error when submitting the dataset form with a specially-crafted field Moderate
CVE-2023-50248 was published for ckan (pip) Dec 13, 2023
thorge Credited to thorge
Withdrawn Advisory: Prometheus XSS Vulnerability Moderate
CVE-2019-3826 was published for github.com/prometheus/prometheus (Go) Dec 13, 2023 withdrawn
pdeslaur Credited to pdeslaur and codeboten codeboten codeboten
Tokens stored in plain text by PaaSLane Estimate Plugin Moderate
CVE-2023-50777 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin Moderate
CVE-2023-50775 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Dec 13, 2023
Jenkins Nexus Platform Plugin missing permission check Moderate
CVE-2023-50769 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) Dec 13, 2023
Displayed in plain text by Dingding JSON Pusher Plugin Moderate
CVE-2023-50773 was published for com.zintow:dingding-json-pusher (Maven) Dec 13, 2023
Open redirect vulnerability in Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50771 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel Credited to westonsteimel
Cross-Site Request Forgery in Jenkins PaaSLane Estimate Plugin Moderate
CVE-2023-50778 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel Credited to westonsteimel
Arbitrary file deletion vulnerability in Jenkins Scriptler Plugin High
CVE-2023-50764 was published for org.jenkins-ci.plugins:scriptler (Maven) Dec 13, 2023
Missing permission check in Jenkins Scriptler Plugin Moderate
CVE-2023-50765 was published for org.jenkins-ci.plugins:scriptler (Maven) Dec 13, 2023
Cross-site request forgery vulnerability in Jenkins HTMLResource Plugin High
CVE-2023-50774 was published for org.jenkins-ci.plugins:htmlresource (Maven) Dec 13, 2023
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability High
CVE-2023-50766 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) Dec 13, 2023
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2023-50768 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) Dec 13, 2023
Tokens stored in plain text by Dingding JSON Pusher Plugin Moderate
CVE-2023-50772 was published for com.zintow:dingding-json-pusher (Maven) Dec 13, 2023
Jenkins Nexus Platform Plugin missing permission check High
CVE-2023-50767 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) Dec 13, 2023
Missing permission check in Jenkins PaaSLane Estimate Plugin Moderate
CVE-2023-50779 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin Moderate
CVE-2023-50776 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Missing access control in Silverpeas High
CVE-2023-47323 was published for org.silverpeas.core:silverpeas-core-api (Maven) Dec 13, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database