Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

153 advisories

Loading
Apache Tomcat improperly escapes input from JsonErrorReportValve High
CVE-2022-45143 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 3, 2023
westonsteimel
Denial of service by double-checked locking in openssl-src High
CVE-2022-3996 was published for openssl-src (Rust) Dec 13, 2022
AlmogApiiro westonsteimel
json stack overflow vulnerability High
CVE-2022-45688 was published for cn.hutool:hutool-json (Maven) Dec 13, 2022
westonsteimel aruneko
golang.org/x/net/http2 vulnerable to possible excessive memory growth Moderate
CVE-2022-41717 was published for golang.org/x/net (Go) Dec 8, 2022
westonsteimel
snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2022-42965 was published for snowflake-connector-python (pip) Nov 10, 2022
JBrown0x90 westonsteimel
Apache Tomcat may reject request containing invalid Content-Length header High
CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 1, 2022
sunSUNQ westonsteimel
Twisted vulnerable to NameVirtualHost Host header injection Moderate
CVE-2022-39348 was published for twisted (pip) Oct 26, 2022
westonsteimel
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL Critical
CVE-2022-42468 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Oct 26, 2022
westonsteimel
Prototype pollution in webpack loader-utils Critical
CVE-2022-37601 was published for loader-utils (npm) Oct 13, 2022
westonsteimel kennylindley
golang.org/x/net/http2 Denial of Service vulnerability High
CVE-2022-27664 was published for golang.org/x/net (Go) Sep 7, 2022
westonsteimel
Jenkins GitHub plugin uses weak webhook signature function Low
CVE-2022-36885 was published for com.coravy.hudson.plugins.github:github (Maven) Jul 28, 2022
westonsteimel NotMyFault
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text Low
CVE-2022-34213 was published for org.jenkins-ci.plugins:squashtm-publisher (Maven) Jun 24, 2022
westonsteimel NotMyFault
Remote Code Execution in Apache Flume High
CVE-2022-25167 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Jun 15, 2022
westonsteimel
Improper Verification of Cryptographic Signature in matrix-synapse High
CVE-2019-18835 was published for matrix-synapse (pip) May 24, 2022
westonsteimel
XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin High
CVE-2019-10327 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
westonsteimel
Plaintext password storage in Jenkins InfluxDB Plugin High
CVE-2019-10329 was published for org.jenkins-ci.plugins:influxdb (Maven) May 24, 2022
westonsteimel
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin Critical
CVE-2019-10328 was published for org.jenkins-ci.plugins:workflow-remote-loader (Maven) May 24, 2022
westonsteimel
Improper handling of untrusted branches in Gitea Jenkins Plugin High
CVE-2019-10330 was published for org.jenkins-ci.plugins:gitea (Maven) May 24, 2022
westonsteimel
ecdsa-elixir fails to check signatures, vulnerable to message forging Critical
CVE-2021-43568 was published for ecdsa-elixir (Erlang) May 24, 2022
westonsteimel
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21686 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault westonsteimel
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21685 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault westonsteimel
sunSUNQ
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin Critical
CVE-2021-21669 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) May 24, 2022
westonsteimel NotMyFault
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability High
CVE-2020-13663 was published for drupal/core (Composer) May 24, 2022
westonsteimel
XML external entity vulnerability in Jenkins Nuget Plugin Critical
CVE-2021-21658 was published for org.jenkins-ci.plugins:nuget (Maven) May 24, 2022
westonsteimel NotMyFault
Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds Moderate
CVE-2021-21647 was published for org.jenkins-ci.plugins:electricflow (Maven) May 24, 2022
NotMyFault westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database