GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,678 advisories

TeamPass Stored Cross-site Scripting Moderate
CVE-2019-17205 was published for nilsteampassnet/teampass (Composer) May 24, 2022
TeamPass Stored Cross-site Scripting Moderate
CVE-2019-17204 was published for nilsteampassnet/teampass (Composer) May 24, 2022
TeamPass Stored Cross-site Scripting Moderate
CVE-2019-17203 was published for nilsteampassnet/teampass (Composer) May 24, 2022
wolfCrypt leaks cryptographic information via timing side channel Moderate
CVE-2019-13628 was published for wolfcrypt (pip) May 24, 2022
Cross-site Scripting in Eclipse Mojarra Moderate
CVE-2019-17091 was published for org.glassfish:jakarta.faces (Maven) May 24, 2022
Cargo prior to Rust 1.26.0 may download the wrong dependency High
CVE-2019-16760 was published for cargo (Rust) May 24, 2022
Jenkins SourceGear Vault plugin transmits credentials in plain text High
CVE-2019-10435 was published for org.jenkins-ci.plugins:vault-scm-plugin (Maven) May 24, 2022
Jenkins HTML Publisher Plugin vulnerable to Cross-site Scripting Moderate
CVE-2019-10432 was published for org.jenkins-ci.plugins:htmlpublisher (Maven) May 24, 2022
Cleartext Transmission of Sensitive Information in Apache MINA High
CVE-2019-0231 was published for org.apache.mina:mina-core (Maven) May 24, 2022
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl Critical
CVE-2019-10202 was published for org.codehaus.jackson:jackson-mapper-asl (Maven) May 24, 2022
Improper Control of Generation of Code in Jenkins Script Security Plugin Critical
CVE-2019-10431 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
dbolkensteyn
Jenkins LDAP Email Plugin shows plain text password in configuration form Low
CVE-2019-10434 was published for com.mtvi.plateng.hudson:ldapemail (Maven) May 24, 2022
DingTalk Plugin stores credentials in plain text Low
CVE-2019-10433 was published for io.jenkins.plugins:dingding-notifications (Maven) May 24, 2022
phpBB Cross-Site Request Forgery (CSRF) High
CVE-2019-16993 was published for phpbb/phpbb (Composer) May 24, 2022
Dolibarr stored Cross-site Scripting vulnerability Moderate
CVE-2019-16685 was published for dolibarr/dolibarr (Composer) May 24, 2022
Dolibarr Cross-site Scripting in a User Note section Moderate
CVE-2019-16686 was published for dolibarr/dolibarr (Composer) May 24, 2022
Dolibarr Cross-site Scripting in a User Profile in a Signature section Moderate
CVE-2019-16687 was published for dolibarr/dolibarr (Composer) May 24, 2022
Dolibarr stored Cross-site Scripting in an Email Template section Moderate
CVE-2019-16688 was published for dolibarr/dolibarr (Composer) May 24, 2022
phpBB Cross-Site Request Forgery (CSRF) Moderate
CVE-2019-13376 was published for phpbb/phpbb (Composer) May 24, 2022
MediaWiki information disclosure Moderate
CVE-2019-16738 was published for mediawiki/core (Composer) May 24, 2022
SilverStripe asset-admin Cross-site Scripting (XSS) Moderate
CVE-2019-14272 was published for silverstripe/framework (Composer) May 24, 2022
Silverstripe Flash Clipboard Reflected XSS Moderate
CVE-2019-12205 was published for silverstripe/admin (Composer) May 24, 2022
maxime-rainville GuySartorelli
G-Rath
Jenkins elOyente Plugin has Insufficiently Protected Credentials Low
CVE-2019-10424 was published for com.technicolor:elOyente (Maven) May 24, 2022
Jenkins Google Calendar Plugin has Insufficiently Protected Credentials Moderate
CVE-2019-10425 was published for org.jenkins-ci.plugins:gcal (Maven) May 24, 2022
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin Critical
CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) May 24, 2022
westonsteimel