GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,704 advisories

Magento 2 Community Weak PRNG Moderate
CVE-2019-8113 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Security Bypass High
CVE-2019-8112 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE Vulnerability via CSRF High
CVE-2019-8109 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-8110 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-8111 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-8114 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition XSS Vulnerability Moderate
CVE-2019-8092 was published for magento/community-edition (Composer) May 24, 2022
Magento Broken authentication and session management Moderate
CVE-2019-8108 was published for magento/community-edition (Composer) May 24, 2022
Magento Information Disclosure via File upload functionality High
CVE-2019-8093 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Arbitrary File Deletion Moderate
CVE-2019-8090 was published for magento/community-edition (Composer) May 24, 2022
kube-state-metrics may expose secret content in metrics Moderate
CVE-2019-10223 was published for k8s.io/kube-state-metrics (Go) May 24, 2022
Pimcore XSS Vulnerability Moderate
CVE-2019-18656 was published for pimcore/pimcore (Composer) May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch Moderate
CVE-2019-7619 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Cezerin Unauthorized Access High
CVE-2019-18608 was published for cezerin (npm) May 24, 2022
Loop with Unreachable Exit Condition in Apache Thrift High
CVE-2019-0205 was published for org.apache.thrift:libthrift (Maven) May 24, 2022
Podman Symlink Vulnerability Moderate
CVE-2019-18466 was published for github.com/containers/podman/v4 (Go) May 24, 2022
Zend Framework Allows SQL Injection Critical
CVE-2015-0270 was published for zendframework/zend-db (Composer) May 24, 2022
Ignite Realtime Openfire directory traversal vulnerability Moderate
CVE-2019-18393 was published for org.igniterealtime.openfire:parent (Maven) May 24, 2022
Ignite Realtime Openfire vulnerable to Server Side Request Forgery Critical
CVE-2019-18394 was published for org.igniterealtime.openfire:parent (Maven) May 24, 2022
Craft CMS possibility of brute force attempts Critical
CVE-2019-15929 was published for craftcms/cms (Composer) May 24, 2022
Improper Restriction of XML External Entity Reference in Apache POI Moderate
CVE-2019-12415 was published for org.apache.poi:poi (Maven) May 24, 2022
hexo-admin plugin for Node.js XSS Vulnerability Moderate
CVE-2019-17606 was published for hexo-admin (npm) May 24, 2022
Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials High
CVE-2019-10461 was published for org.jenkins-ci.plugins:dynatrace-dashboard (Maven) May 24, 2022
Jenkins Libvirt Slaves Plugin vulnerable to Incorrect Default Permissions Moderate
CVE-2019-10472 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials High
CVE-2019-10476 was published for org.jenkins-ci.plugins:zulip (Maven) May 24, 2022