Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,680
Erlang
34
GitHub Actions
26
Go
2,268
Maven
5,000+
npm
3,923
NuGet
705
pip
3,687
Pub
12
RubyGems
916
Rust
944
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,436 advisories

Loading
Cross-site Scripting in Jenkins NS-ND Integration Performance Publisher Plugin High
CVE-2022-34191 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34170 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault sunSUNQ
Path Traversal vulnerability in Jenkins Embeddable Build Status Plugin Moderate
CVE-2022-34179 was published for org.jenkins-ci.plugins:embeddable-build-status (Maven) Jun 24, 2022
NotMyFault
Unauthorized view fragment access in Jenkins High
CVE-2022-34175 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Jenkins EasyQA Plugin Missing Authorization vulnerability Moderate
CVE-2022-34204 was published for com.geteasyqa:easyqa (Maven) Jun 24, 2022
Jenkins Jianliao Notification Plugin Missing Authorization vulnerability Moderate
CVE-2022-34206 was published for org.jenkins-ci.plugins:jianliao (Maven) Jun 24, 2022
User passwords stored in plain text by Jenkins EasyQA Plugin Low
CVE-2022-34202 was published for com.geteasyqa:easyqa (Maven) Jun 24, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin Moderate
CVE-2022-34199 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) Jun 24, 2022
NotMyFault
Observable timing discrepancy allows determining username validity in Jenkins Moderate
CVE-2022-34174 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Withdrawn: Denial of Service in aiohttp Moderate
CVE-2022-33124 was published for aiohttp (pip) Jun 24, 2022 withdrawn
webknjaz
Improper handling of double quotes in file name in Diffy in Windows environment Critical
CVE-2022-33127 was published for diffy (RubyGems) Jun 24, 2022
Cross-site Scripting in Jfinal CMS Moderate
CVE-2022-33113 was published for com.jfinal:jfinal (Maven) Jun 24, 2022
golang.org/x/sys/unix has Incorrect privilege reporting in syscall Moderate
CVE-2022-29526 was published for golang.org/x/sys (Go) Jun 24, 2022
SpEL Injection in Spring Data MongoDB Critical
CVE-2022-22980 was published for org.springframework.data:spring-data-mongodb (Maven) Jun 24, 2022
rthorpeii
Improper handling of CSS at-rules in lettersanitizer High
CVE-2022-31103 was published for lettersanitizer (npm) Jun 23, 2022
Weave GitOps leaked cluster credentials into logs on connection errors Critical
CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go) Jun 23, 2022
stefanprodan
Denial of Service (DoS) vulnerability in RSSHub Moderate
CVE-2022-31110 was published for rsshub (npm) Jun 23, 2022
Rongronggg9
Cross-site Scripting in Microweber Moderate
CVE-2022-2174 was published for microweber/microweber (Composer) Jun 23, 2022
Log Injection in Apache Sling Commons Log and Apache Sling API Moderate
CVE-2022-32549 was published for org.apache.sling:org.apache.sling.api (Maven) Jun 23, 2022
Server-Side Request Forgery in Directus Moderate
CVE-2022-23080 was published for directus (npm) Jun 23, 2022
Unsafe yaml deserialization in NVFlare Critical
CVE-2022-31605 was published for nvflare (pip) Jun 22, 2022
Unsafe deserialisation in the PKI implementation scheme of NVFlare Critical
CVE-2022-31604 was published for nvflare (pip) Jun 22, 2022
Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore High
CVE-2022-31092 was published for pimcore/pimcore (Composer) Jun 22, 2022
Authenticated Stored Cross-site Scripting in Shopware Moderate
CVE-2022-31057 was published for shopware/shopware (Composer) Jun 22, 2022
Uncontrolled Recursion in rulex Moderate
CVE-2022-31099 was published for rulex (Rust) Jun 22, 2022
evanrichter
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database