GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21,003 advisories

Token stored in plain text by DigitalOcean Plugin Low
CVE-2020-2126 was published for com.dubture.jenkins:digitalocean-plugin (Maven) May 24, 2022
NotMyFault
RCE vulnerability in RadarGun Plugin High
CVE-2020-2123 was published for org.jenkins-ci.plugins:radargun (Maven) May 24, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Eagle Tester Plugin Moderate
CVE-2020-2129 was published for com.mobileenerlytics.eagle.tester:eagle-tester (Maven) May 24, 2022
Jenkins Git Parameter Plugin vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2020-2113 was published for org.jenkins-ci.tools:git-parameter (Maven) May 24, 2022
NotMyFault
XXE vulnerability in NUnit Plugin High
CVE-2020-2115 was published for org.jenkins-ci.plugins:nunit (Maven) May 24, 2022
NotMyFault
Jenkins Git Parameter Plugin vulnerable to Stored cross-site scripting (XSS) Moderate
CVE-2020-2112 was published for org.jenkins-ci.tools:git-parameter (Maven) May 24, 2022
NotMyFault
Subversion Plugin stored XSS vulnerability Moderate
CVE-2020-2111 was published for org.jenkins-ci.plugins:subversion (Maven) May 24, 2022
westonsteimel
Improper Input Validation in Jenkins Pipeline: Groovy Plugin High
CVE-2020-2109 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 24, 2022
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration Low
CVE-2020-2114 was published for org.jenkins-ci.plugins:s3 (Maven) May 24, 2022
NotMyFault
Users with Overall/Read access can enumerate credential IDs in Pipeline GitHub Notify Step Plugin Moderate
CVE-2020-2118 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) May 24, 2022
NotMyFault
Missing permission checks in Pipeline GitHub Notify Step Plugin allows capturing credentials High
CVE-2020-2117 was published for org.jenkins-ci.plugins:pipeline-githubnotify-step (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials High
CVE-2020-2116 was published for org.jenkins-ci.plugins:pipeline-githubnotify-step (Maven) May 24, 2022
NotMyFault
Client secret transmitted in plain text by Azure AD Plugin Low
CVE-2020-2119 was published for org.jenkins-ci.plugins:azure-ad (Maven) May 24, 2022
NotMyFault
Improper Input Validation in Jenkins Script Security Plugin High
CVE-2020-2110 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0767 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
Podman has Files or Directories Accessible to External Parties Moderate
CVE-2020-1726 was published for github.com/containers/podman (Go) May 24, 2022
tdunlap607
ChakraCore RCE Vulnerability High
CVE-2020-0710 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0711 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0713 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0712 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party Critical
CVE-2019-17268 was published for omniauth-weibo-oauth2 (RubyGems) May 24, 2022
Magento deserialization vulnerability Critical
CVE-2020-3716 was published for magento/community-edition (Composer) May 24, 2022
Magento security bypass vulnerability Critical
CVE-2020-3718 was published for magento/community-edition (Composer) May 24, 2022
Magento stored cross-site scripting vulnerability Moderate
CVE-2020-3715 was published for magento/community-edition (Composer) May 24, 2022
Magento SQL injection vulnerability High
CVE-2020-3719 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API