Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,944 advisories

Loading
Non-constant time HMAC comparison Moderate
CVE-2020-2102 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Jenkins Diagnostic page exposed session cookies Moderate
CVE-2020-2103 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Jenkins vulnerable to UDP amplification reflection attack Moderate
CVE-2020-2100 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins High
CVE-2020-2099 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Dolibarr Improper Restriction of Excessive Authentication Attempts Critical
CVE-2020-7995 was published for dolibarr/dolibarr (Composer) May 24, 2022
Typo3 Cross-Site Scripting in Flash component (ELTS) Moderate
CVE-2020-8091 was published for typo3/cms (Composer) May 24, 2022
Dolibarr cross-site scripting (XSS) vulnerability Moderate
CVE-2020-7994 was published for dolibarr/dolibarr (Composer) May 24, 2022
Zenario CMS vulnerable to CRLF injection Moderate
CVE-2015-3154 was published for zendframework/zend-http (Composer) May 24, 2022
Plone SQL Injection Vulnerability High
CVE-2020-7939 was published for Plone (pip) May 24, 2022
Plone Privilege Escallation High
CVE-2020-7938 was published for Plone (pip) May 24, 2022
Plone Unauthenticated Write Vulnerability Critical
CVE-2020-7941 was published for Plone (pip) May 24, 2022
Plone Open Redirect Vulnerability Moderate
CVE-2020-7936 was published for Plone (pip) May 24, 2022
Plone cross site scripting (XSS) Moderate
CVE-2020-7937 was published for Plone (pip) May 24, 2022
Plone allows weak passwords High
CVE-2020-7940 was published for Plone (pip) May 24, 2022
Umbraco CMS vulnerable to CSRF Moderate
CVE-2020-7210 was published for UmbracoCMS.Core (NuGet) May 24, 2022
Undertow vulnerable to Uncontrolled Resource Consumption High
CVE-2019-14888 was published for io.undertow:undertow-core (Maven) May 24, 2022
Inconsistent Interpretation of HTTP Requests in Waitress High
CVE-2019-16792 was published for waitress (pip) May 24, 2022
Grin Insufficient Validation High
CVE-2020-6638 was published for grin (Rust) May 24, 2022
papercrop does not properly handle crop input Critical
CVE-2015-2784 was published for papercrop (RubyGems) May 24, 2022
SaltStack Salt is vulnerable to command injection Critical
CVE-2019-17361 was published for salt (pip) May 24, 2022
phpBB Cross-Site Request Forgery (CSRF) Moderate
CVE-2020-5501 was published for phpbb/phpbb (Composer) May 24, 2022
phpBB allows CSRF Moderate
CVE-2020-5502 was published for phpbb/phpbb (Composer) May 24, 2022
CSRF vulnerability in Jenkins Sounds Plugin allow OS command execution High
CVE-2020-2098 was published for org.jenkins-ci.plugins:sounds (Maven) May 24, 2022
NotMyFault
Missing permission checks in Health Advisor by CloudBees Plugin Moderate
CVE-2020-2094 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API