GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18,360 advisories

Jenkins SSH Build Agents Plugin did not verify host keys Moderate
CVE-2017-2648 was published for org.jenkins-ci.plugins:ssh-slaves (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin Low
CVE-2017-2651 was published for org.jenkins-ci.plugins:mailer (Maven) May 13, 2022
katello Improper Privilege Management vulnerability Moderate
CVE-2017-2662 was published for katello (RubyGems) May 13, 2022
Deserialization of Untrusted Data in Flamingo amf-serializer Critical
CVE-2017-3202 was published for com.exadel.flamingo.flex:amf-serializer (Maven) May 13, 2022
Deserialization of Untrusted Data in Spring-flex High
CVE-2017-3203 was published for org.springframework.flex:spring-flex (Maven) May 13, 2022
Drupal file REST resource does not properly validate Moderate
CVE-2017-6921 was published for drupal/core (Composer) May 13, 2022
Drupal core access bypass vulnerability Moderate
CVE-2017-6922 was published for drupal/core (Composer) May 13, 2022
Drupal REST API can bypass comment approval High
CVE-2017-6924 was published for drupal/core (Composer) May 13, 2022
XML External Entity Reference in jbpmmigration Moderate
CVE-2017-7545 was published for org.jbpm.jbpm5:jbpmmigration (Maven) May 13, 2022
Undertow vulnerable to Request Smuggling Moderate
CVE-2017-7559 was published for io.undertow:undertow-core (Maven) May 13, 2022
Cross-Site Request Forgery in hawtio High
CVE-2017-7556 was published for io.hawt:project (Maven) May 13, 2022
Improper Privilege Management in X-Pack Moderate
CVE-2017-8446 was published for org.elasticsearch.plugin:x-pack (Maven) May 13, 2022
Kubernetes arbitrary file overwrite Moderate
CVE-2018-1002100 was published for k8s.io/kubernetes (Go) May 13, 2022
Minikube RCE via DNS Rebinding High
CVE-2018-1002103 was published for k8s.io/minikube (Go) May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in Zip4j Moderate
CVE-2018-1002202 was published for net.lingala.zip4j:zip4j (Maven) May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver Moderate
CVE-2018-1002200 was published for org.codehaus.plexus:plexus-archiver (Maven) May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib Moderate
CVE-2018-1002208 was published for SharpZipLib (NuGet) May 13, 2022
Podman Elevated Container Privileges High
CVE-2018-10856 was published for github.com/containers/podman/v4 (Go) May 13, 2022
Keycloak Authentication Error Moderate
CVE-2018-10894 was published for org.keycloak:keycloak-saml-adapter-core (Maven) May 13, 2022
Moodle sensitive information disclosure Moderate
CVE-2018-10889 was published for moodle/moodle (Composer) May 13, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2018-10890 was published for moodle/moodle (Composer) May 13, 2022
katello SQL Injection vulnerability Moderate
CVE-2018-14623 was published for katello (RubyGems) May 13, 2022
Moodle XML import of ddwtos could lead to intentional remote code execution High
CVE-2018-14630 was published for moodle/moodle (Composer) May 13, 2022
Openstack Neutron vulnerable to eavesdropping on private traffic Moderate
CVE-2018-14636 was published for neutron (pip) May 13, 2022
JSON-Patch Out-of-bounds Write vulnerability High
CVE-2018-14632 was published for github.com/evanphx/json-patch (Go) May 13, 2022