GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
Logic error in authentication in proxy.py
High
CVE-2021-3116
was published
for
proxy.py
(pip)
Apr 7, 2021
Regular Expression Denial of Service in Leo Editor
High
CVE-2020-23478
was published
for
leo
(pip)
Sep 23, 2021
Alpine allows Authentication Filter bypass
Moderate
CVE-2022-23554
was published
for
us.springett:alpine
(Maven)
Aug 5, 2024
Codiad Vulnerable to PHP Magic Hash Vulnerability
High
CVE-2020-23355
was published
for
codiad/codiad
(Composer)
May 24, 2022
Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header
Critical
CVE-2020-13485
was published
for
verbb/knock-knock
(Composer)
May 24, 2022
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Critical
CVE-2023-45133
was published
for
@babel/traverse
(npm)
Oct 16, 2023
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin
Low
CVE-2024-23903
was published
for
io.jenkins.plugins:gitlab-branch-source
(Maven)
Jan 24, 2024
Non-constant time nonce comparison in Jenkins Microsoft Entra ID (previously Azure AD) Plugin
High
CVE-2023-41935
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
Sep 6, 2023
Jenkins Google Login Plugin non-constant time token comparison
High
CVE-2023-41936
was published
for
org.jenkins-ci.plugins:google-login
(Maven)
Sep 6, 2023
Regular Expression Denial of Service in jsoneditor
Moderate
CVE-2021-3822
was published
for
jsoneditor
(npm)
Sep 29, 2021
uri-template-lite Regular Expression Denial of Service
Moderate
CVE-2021-43309
was published
for
uri-template-lite
(npm)
Aug 25, 2022
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46656
was published
for
igalg.jenkins.plugins:multibranch-scan-webhook-trigger
(Maven)
Oct 25, 2023
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46657
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
Oct 25, 2023
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46658
was published
for
io.jenkins.plugins:teams-webhook-trigger
(Maven)
Oct 25, 2023
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Low
CVE-2023-46660
was published
for
org.jenkins-ci.plugins:zanata
(Maven)
Oct 25, 2023
gnark unsoundness in variable comparison / non-unique binary decomposition
Moderate
CVE-2023-44378
was published
for
github.com/consensys/gnark
(Go)
Oct 4, 2023
Apache OpenMeetings insufficient authorization vulnerability
Moderate
CVE-2023-28936
was published
for
org.apache.openmeetings:openmeetings-db
(Maven)
Jul 6, 2023
Apache NiFi Insufficient Property Validation vulnerability
Moderate
CVE-2023-40037
was published
for
org.apache.nifi:nifi-dbcp-base
(Maven)
Aug 19, 2023
Dynamic Linq vulnerable to remote code execution
Critical
CVE-2023-32571
was published
for
System.Linq.Dynamic.Core
(NuGet)
Jun 22, 2023
Inefficient Regular Expression Complexity in chalk/ansi-regex
High
CVE-2021-3807
was published
for
ansi-regex
(npm)
Sep 20, 2021
github.com/tidwall/gjson Vulnerable to REDoS attack
High
CVE-2021-42836
was published
for
github.com/tidwall/gjson
(Go)
Oct 25, 2021
Incorrect Comparison in sodiumoxide
Critical
CVE-2019-25002
was published
for
sodiumoxide
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API