GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23,342 advisories

Missing permission check in Jenkins SCM HttpClient Plugin allow capturing credentials Moderate
CVE-2022-41250 was published for com.meowlomo.jenkins:scm-httpclient (Maven) Sep 22, 2022
NotMyFault
Jenkins Apprenda Plugin has Missing Authorization vulnerability Moderate
CVE-2022-41251 was published for org.jenkins-ci.plugins:apprenda (Maven) Sep 22, 2022
API token stored in plain text by Jenkins CONS3RT Plugin Low
CVE-2022-41255 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Jenkins BigPanda Notifier Plugin Missing Password Field Masking Low
CVE-2022-41248 was published for org.jenkins-ci.plugins:bigpanda-jenkins (Maven) Sep 22, 2022
NotMyFault
Missing permission checks in Jenkins CONS3RT Plugin allow capturing credentials Moderate
CVE-2022-41254 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability in Jenkins CONS3RT Plugin allow capturing credentials Moderate
CVE-2022-41253 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs Moderate
CVE-2022-41252 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Spring Data REST can expose hidden entity attributes Low
CVE-2022-31679 was published for org.springframework.data:spring-data-rest-core (Maven) Sep 22, 2022
rdiffweb has insecure HTTP cookies Moderate
CVE-2022-3250 was published for rdiffweb (pip) Sep 22, 2022
Awesome Support vulnerable to persistent cross-site scripting Moderate
CVE-2022-38073 was published for awesome-support/awesome-support (Composer) Sep 22, 2022
rdiffweb CSRF could lead to disabling notifications in user profile Moderate
CVE-2022-3233 was published for rdiffweb (pip) Sep 22, 2022
autogluon.multimodal vulnerable to unsafe YAML deserialization High
GHSA-6h2x-4gjf-jc5w was published for autogluon.multimodal (pip) Sep 21, 2022
sxjscience
@netlify/ipx vulnerable to Full Response SSRF and Stored XSS via Cache Poisoning and Improper Host Validation Moderate
CVE-2022-39239 was published for @netlify/ipx (npm) Sep 21, 2022
python-jwt vulnerable to token forgery with new claims Critical
CVE-2022-39227 was published for python-jwt (pip) Sep 21, 2022
TomTervoort
parse-server auth adapter app ID validation can be circumvented Low
CVE-2022-39231 was published for parse-server (npm) Sep 21, 2022
KarolisBan
fhir-works-on-aws-authz-smart handles permissions improperly Moderate
CVE-2022-39230 was published for fhir-works-on-aws-authz-smart (npm) Sep 21, 2022
parse-server's session object properties can be updated by foreign user if object ID is known Moderate
CVE-2022-39225 was published for parse-server (npm) Sep 21, 2022
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service Moderate
GHSA-4qw4-jpp4-8gvp was published for commonmarker (RubyGems) Sep 21, 2022
jwcrypto token substitution can lead to authentication bypass Moderate
CVE-2022-3102 was published for jwcrypto (pip) Sep 21, 2022
personnummer/rust vulnerable to Improper Input Validation Low
GHSA-28r9-pq4c-wp3c was published for personnummer (Rust) Sep 21, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module Moderate
CVE-2022-3005 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module Moderate
CVE-2022-3000 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module Moderate
CVE-2022-3004 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
Microweber Cross-site Scripting can result in redirection to a malicious site Moderate
CVE-2022-3242 was published for microweber/microweber (Composer) Sep 21, 2022
ProTip! Advisories are also available from the GraphQL API