GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23,662 advisories

Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin High
CVE-2022-43420 was published for org.jenkins-ci.plugins:contrast-continuous-application-security (Maven) Oct 19, 2022
NotMyFault
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43430 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
Jenkins Katalon Plugin vulnerable to Protection Mechanism Failure High
CVE-2022-43416 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
API keys stored in plain text by Jenkins Katalon Plugin Moderate
CVE-2022-43419 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault tdunlap607
Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin High
CVE-2022-43434 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Oct 19, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin Moderate
CVE-2022-43422 was published for com.compuware.jenkins:compuware-topaz-utilities (Maven) Oct 19, 2022
NotMyFault
Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins High
CVE-2022-43408 was published for org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view (Maven) Oct 19, 2022
XXE vulnerability in Jenkins REPO Plugin High
CVE-2022-43415 was published for org.jenkins-ci.plugins:repo (Maven) Oct 19, 2022
NotMyFault
Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin Moderate
CVE-2022-43410 was published for org.jenkins-ci.plugins:mercurial (Maven) Oct 19, 2022
NotMyFault
Markdownify subject to Remote Code Execution via malicious markdown file High
CVE-2022-41709 was published for electron-markdownify (npm) Oct 19, 2022
run-terraform allows for RCE via terraform plan High
CVE-2022-39326 was published for kartverket/github-workflows (GitHub Actions) Oct 19, 2022
eliihen
Improper use of metav1.Duration allows for Denial of Service Moderate
CVE-2022-39272 was published for github.com/fluxcd/flux2 (Go) Oct 19, 2022
codablock
Liferay Portal and Liferay DXP Vulnerable to XSS via the Document Library Module Moderate
CVE-2022-42113 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 19, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS via the Role Module Moderate
CVE-2022-42114 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 19, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS in the CKEditor Integration with the Frontend Editor Module Moderate
CVE-2022-42116 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 19, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS in the Frontend Taglib Module Moderate
CVE-2022-42117 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 19, 2022
Liferay Portal Vulnerable to XSS in the Object Module Moderate
CVE-2022-42115 was published for com.liferay:com.liferay.object.web (Maven) Oct 19, 2022
Lavalite vulnerable to Arbitrary File Read via Directory Traversal High
CVE-2022-42188 was published for lavalite/cms (Composer) Oct 19, 2022
Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module Moderate
CVE-2022-42112 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 19, 2022
Hessian Lite for Apache Dubbo deserialization vulnerability Critical
CVE-2022-39198 was published for com.alibaba:hessian-lite (Maven) Oct 19, 2022
Apache Isis webconsole module may directly query the database in prototype mode Moderate
CVE-2022-42467 was published for org.apache.isis.core:isis-core (Maven) Oct 19, 2022
Apache Isis Cross-site Scripting vulnerability Moderate
CVE-2022-42466 was published for org.apache.isis.core:isis-core (Maven) Oct 19, 2022
.NET Remote Code Execution Vulnerability Moderate
CVE-2022-24512 was published for Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm (NuGet) Oct 18, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms Moderate
CVE-2022-39314 was published for getkirby/cms (Composer) Oct 18, 2022
florianmrz