GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
21,919 advisories
Numpy Deserialization of Untrusted Data
Critical
CVE-2019-6446 was published for numpy (pip) on May 24, 2022
Cross-site Scripting in Bootstrap-3-Typeahead
Moderate
CVE-2019-10215 was published for bassjobsen/bootstrap-3-typeahead (Composer) on May 24, 2022
TeamPass Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2019-16904 was published for nilsteampassnet/teampass (Composer) on May 24, 2022
Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text
Moderate
CVE-2019-10430 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) on May 24, 2022
Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form
High
CVE-2019-10428 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) on May 24, 2022
Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form
Moderate
CVE-2019-10427 was published for org.jenkins-ci.plugins:aqua-microscanner (Maven) on May 24, 2022
Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin
Moderate
CVE-2019-10407 was published for hudson.plugins:project-inheritance (Maven) on May 24, 2022
Jenkins Gem Publisher Plugin stores credentials as plaintext
Moderate
CVE-2019-10426 was published for net.arangamani.jenkins:gem-publisher (Maven) on May 24, 2022
Jenkins GitLab Logo Plugin stores credentials unencrypted
Moderate
CVE-2019-10429 was published for org.jenkins-ci.plugins:gitlab-logo (Maven) on May 24, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins
Moderate
CVE-2019-10406 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins
Moderate
CVE-2019-10402 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins
Moderate
CVE-2019-10403 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins
Moderate
CVE-2019-10404 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins
Moderate
CVE-2019-10401 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Moderate
CVE-2019-10405 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
Magento 2 Community Edition SQLi Vulnerability
Critical
CVE-2019-7139 was published for magento/community-edition (Composer) on May 24, 2022
Incorrect Default Permissions in Beego
Moderate
CVE-2019-16355 was published for github.com/astaxie/beego (Go) on May 24, 2022
Deserialization of Untrusted Data in Apache Tapestry
Critical
CVE-2019-0195 was published for org.apache.tapestry:tapestry-core (Maven) on May 24, 2022
phpMyAdmin Cross-Site Request Forgery (CSRF)
Moderate
CVE-2019-12922 was published for phpmyadmin/phpmyadmin (Composer) on May 24, 2022
Elevation of privilege in ASP.NET Core
Moderate
CVE-2019-1302 was published for Microsoft.AspNetCore.SpaServices (NuGet) on May 24, 2022
Apache Solr vulnerable to XML Bomb
High
CVE-2019-12401 was published for org.apache.solr:solr-core (Maven) on May 24, 2022
laracom Cross-site Scripting
Moderate
CVE-2019-15489 was published for jsdecena/laracom (Composer) on May 24, 2022
Bolt Cross-site Scripting (XSS) via an image's alt or title field
Moderate
CVE-2019-15484 was published for bolt/bolt (Composer) on May 24, 2022
ProTip! Advisories are also available from the GraphQL API.