GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
24,577 advisories
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Severity: Moderate. CVE-2015-2179 was published for xaviershay-dm-rails (RubyGems) on Jan 26, 2023.

Cross-site Scripting in yapi-vendor
Severity: Moderate. CVE-2021-36686 was published for yapi-vendor (npm) on Jan 26, 2023.

phpmyadmin contains SQL Injection vulnerability
Severity: Critical. CVE-2020-22452 was published for phpmyadmin/phpmyadmin (Composer) on Jan 26, 2023.

Directory Traversal vulnerability in serve-lite
Severity: High. CVE-2022-21192 was published for serve-lite (npm) on Jan 26, 2023.

Remote code execution in simple-git
Severity: Critical. CVE-2022-25860 was published for simple-git (npm) on Jan 26, 2023.

Cross-site Scripting (XSS) in serve-lite
Severity: Moderate. CVE-2022-25847 was published for serve-lite (npm) on Jan 26, 2023.

Command Injection in create-choo-electron
Severity: Critical. CVE-2022-25908 was published for create-choo-electron (npm) on Jan 26, 2023.

Command Injection in puppet-facter
Severity: High. CVE-2022-25350 was published for puppet-facter (npm) on Jan 26, 2023.

Remote Code Execution in com.bstek.uflo:uflo-core
Severity: Critical. CVE-2022-25894 was published for com.bstek.uflo:uflo-core (Maven) on Jan 26, 2023.

Command injection in vagrant.js
Severity: Critical. CVE-2022-25962 was published for vagrant.js (npm) on Jan 26, 2023.

Arbitrary file write in net.mingsoft:ms-mcms
Severity: High. CVE-2022-47042 was published for net.mingsoft:ms-mcms (Maven) on Jan 26, 2023.

github.com/openshift/apiserver-library-go Improper Input Validation vulnerability
Severity: Moderate. CVE-2023-0229 was published for github.com/openshift/apiserver-library-go (Go) on Jan 26, 2023.

Sandbox bypass in Jenkins Script Security Plugin
Severity: High. CVE-2023-24422 was published for org.jenkins-ci.plugins:script-security (Maven) on Jan 26, 2023.

Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Severity: Critical. CVE-2023-24429 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) on Jan 26, 2023.

Cisco Spark Notifier Jenkins Plugin contains Missing Authorization
Severity: Moderate. CVE-2023-24451 was published for org.jenkins-ci.plugins:cisco-spark-notifier-plugin (Maven) on Jan 26, 2023.

Missing permission checks in Jenkins Orka Plugin allow capturing credentials
Severity: Moderate. CVE-2023-24433 was published for io.jenkins.plugins:macstadium-orka (Maven) on Jan 26, 2023.

Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs
Severity: Moderate. CVE-2023-24431 was published for io.jenkins.plugins:macstadium-orka (Maven) on Jan 26, 2023.

CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin
Severity: High. CVE-2023-24434 was published for org.jenkins-ci.plugins:ghprb (Maven) on Jan 26, 2023.

XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin
Severity: Critical. CVE-2023-24430 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) on Jan 26, 2023.

CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials
Severity: High. CVE-2023-24432 was published for io.jenkins.plugins:macstadium-orka (Maven) on Jan 26, 2023.

Missing permission check in Jenkins TestQuality Updater Plugin
Severity: Moderate. CVE-2023-24453 was published for org.jenkins-ci.plugins:testquality-updater (Maven) on Jan 26, 2023.

Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Severity: Critical. CVE-2023-24456 was published for org.jenkins-ci.plugins:keycloak (Maven) on Jan 26, 2023.

ProTip! Advisories are also available from the GraphQL API.