GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,434
Erlang
29
GitHub Actions
16
Go
1,660
Maven
4,922
npm
3,450
NuGet
594
pip
2,840
Pub
10
RubyGems
823
Rust
764
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,360 advisories
Filter by severity
Jenkins SSH Build Agents Plugin did not verify host keys
Moderate
CVE-2017-2648
was published
for
org.jenkins-ci.plugins:ssh-slaves
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin
Low
CVE-2017-2651
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
May 13, 2022
katello Improper Privilege Management vulnerability
Moderate
CVE-2017-2662
was published
for
katello
(RubyGems)
May 13, 2022
Deserialization of Untrusted Data in Flamingo amf-serializer
Critical
CVE-2017-3202
was published
for
com.exadel.flamingo.flex:amf-serializer
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Spring-flex
High
CVE-2017-3203
was published
for
org.springframework.flex:spring-flex
(Maven)
May 13, 2022
Drupal file REST resource does not properly validate
Moderate
CVE-2017-6921
was published
for
drupal/core
(Composer)
May 13, 2022
Drupal core access bypass vulnerability
Moderate
CVE-2017-6922
was published
for
drupal/core
(Composer)
May 13, 2022
Drupal REST API can bypass comment approval
High
CVE-2017-6924
was published
for
drupal/core
(Composer)
May 13, 2022
XML External Entity Reference in jbpmmigration
Moderate
CVE-2017-7545
was published
for
org.jbpm.jbpm5:jbpmmigration
(Maven)
May 13, 2022
Undertow vulnerable to Request Smuggling
Moderate
CVE-2017-7559
was published
for
io.undertow:undertow-core
(Maven)
May 13, 2022
Cross-Site Request Forgery in hawtio
High
CVE-2017-7556
was published
for
io.hawt:project
(Maven)
May 13, 2022
Improper Privilege Management in X-Pack
Moderate
CVE-2017-8446
was published
for
org.elasticsearch.plugin:x-pack
(Maven)
May 13, 2022
Kubernetes arbitrary file overwrite
Moderate
CVE-2018-1002100
was published
for
k8s.io/kubernetes
(Go)
May 13, 2022
Minikube RCE via DNS Rebinding
High
CVE-2018-1002103
was published
for
k8s.io/minikube
(Go)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in Zip4j
Moderate
CVE-2018-1002202
was published
for
net.lingala.zip4j:zip4j
(Maven)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver
Moderate
CVE-2018-1002200
was published
for
org.codehaus.plexus:plexus-archiver
(Maven)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib
Moderate
CVE-2018-1002208
was published
for
SharpZipLib
(NuGet)
May 13, 2022
Podman Elevated Container Privileges
High
CVE-2018-10856
was published
for
github.com/containers/podman/v4
(Go)
May 13, 2022
Keycloak Authentication Error
Moderate
CVE-2018-10894
was published
for
org.keycloak:keycloak-saml-adapter-core
(Maven)
May 13, 2022
Moodle sensitive information disclosure
Moderate
CVE-2018-10889
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2018-10890
was published
for
moodle/moodle
(Composer)
May 13, 2022
katello SQL Injection vulnerability
Moderate
CVE-2018-14623
was published
for
katello
(RubyGems)
May 13, 2022
Moodle XML import of ddwtos could lead to intentional remote code execution
High
CVE-2018-14630
was published
for
moodle/moodle
(Composer)
May 13, 2022
Openstack Neutron vulnerable to eavesdropping on private traffic
Moderate
CVE-2018-14636
was published
for
neutron
(pip)
May 13, 2022
JSON-Patch Out-of-bounds Write vulnerability
High
CVE-2018-14632
was published
for
github.com/evanphx/json-patch
(Go)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API