GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21,369 advisories

CSRF vulnerability in Jenkins Shelve Project Plugin High
CVE-2020-2321 was published for org.jenkins-ci.plugins:shelve-project-plugin (Maven) May 24, 2022
blosc2 heap-based buffer overflow High
CVE-2020-29367 was published for blosc2 (pip) May 24, 2022
Cross site scripting in Crafter CMS Moderate
CVE-2017-15682 was published for org.craftercms:crafter-core (Maven) May 24, 2022
Missing Authorization in Crafter CMS Moderate
CVE-2017-15680 was published for org.craftercms:crafter-core (Maven) May 24, 2022
XML injection in Crafter CMS High
CVE-2017-15683 was published for org.craftercms:crafter-core (Maven) May 24, 2022
Heketi logs sensitive information Moderate
CVE-2020-10763 was published for github.com/heketi/heketi (Go) May 24, 2022
scikit-learn Denial of Service High
CVE-2020-28975 was published for scikit-learn (pip) May 24, 2022
Gitaly Insufficient Session Expiration vulnerability Low
CVE-2020-13353 was published for gitaly (RubyGems) May 24, 2022
AVideo vulnerable to Improper Privilege Management High
CVE-2020-23489 was published for wwbn/avideo (Composer) May 24, 2022
Prototype pollution in @strikeentco/set High
CVE-2020-28267 was published for @strikeentco/set (npm) May 24, 2022
Locust Stored Cross-site Scripting Vulnerability Moderate
CVE-2020-28364 was published for locust (pip) May 24, 2022
Improper Neutralization of Input During Web Page Generation in CKEditor4 Moderate
CVE-2020-27193 was published for ckeditor4 (npm) May 24, 2022
Magento information disclosure vulnerability Low
CVE-2020-24406 was published for magento/community-edition (Composer) May 24, 2022
Magento incorrect permissions vulnerability in the Inventory module Moderate
CVE-2020-24405 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE via Unsafe File Upload Critical
CVE-2020-24407 was published for magento/community-edition (Composer) May 24, 2022
Magento SQL Injection vulnerability High
CVE-2020-24400 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition vulnerable to Improper Authorization Low
CVE-2020-24404 was published for magento/community-edition (Composer) May 24, 2022
Magento incorrect permissions vulnerability in the Integrations component Moderate
CVE-2020-24402 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Incorrect Authorization Moderate
CVE-2020-24401 was published for magento/community-edition (Composer) May 24, 2022
Magento incorrect user permissions vulnerability within the Inventory component Low
CVE-2020-24403 was published for magento/community-edition (Composer) May 24, 2022
Microweber Insufficient Session Expiry Moderate
CVE-2020-23136 was published for microweber/microweber (Composer) May 24, 2022
Subrion CMS CSRF Vulnerability High
CVE-2019-7357 was published for intelliants/subrion (Composer) May 24, 2022
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi Critical
CVE-2020-25592 was published for salt (pip) May 24, 2022
SaltStack Salt Command Injection in netapi ssh client Critical
CVE-2020-16846 was published for salt (pip) May 24, 2022
SaltStack Salt Allows creating certificates with weak file permissions Moderate
CVE-2020-17490 was published for salt (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API