Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,303
Erlang
31
GitHub Actions
21
Go
2,072
Maven
5,000+
npm
3,744
NuGet
669
pip
3,430
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

70 advisories

Loading
Denial of Service in Keycloak Server via Security Headers Moderate
CVE-2024-11734 was published for org.keycloak:keycloak-quarkus-server (Maven) Jan 13, 2025
Jinja has a sandbox breakout through indirect reference to format method Moderate
CVE-2024-56326 was published for jinja2 (pip) Dec 23, 2024
Lydxn despawningbone
@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection Moderate
CVE-2024-46976 was published for @backstage/plugin-techdocs-backend (npm) Sep 17, 2024
Mattermost Desktop App fails to sufficiently configure Electron Fuses Low
CVE-2024-45835 was published for mattermost-desktop (npm) Sep 16, 2024
Twig has a possible sandbox bypass Moderate
CVE-2024-45411 was published for twig/twig (Composer) Sep 9, 2024
fabpot stof
Mattermost allows remote/synthetic users to create sessions, reset passwords Moderate
CVE-2024-39836 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 22, 2024
Mattermost Desktop App Remote Code Execution Moderate
CVE-2024-37182 was published for mattermost-desktop (npm) Jun 14, 2024
Mattermost Desktop App allows for bypassing TCC restrictions on macOS Low
CVE-2024-36287 was published for mattermost-desktop (npm) Jun 14, 2024
Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies High
CVE-2024-34144 was published for org.jenkins-ci.plugins:script-security (Maven) May 2, 2024
ejs lacks certain pollution protection Moderate
CVE-2024-33883 was published for ejs (npm) Apr 28, 2024
Intermittent HTTP policy bypass High
CVE-2024-28248 was published for github.com/cilium/cilium (Go) Mar 18, 2024
sayboras
Corveda PHPSandbox Protection Mechanism Failure vulnerability Moderate
CVE-2014-125107 was published for corveda/phpsandbox (Composer) Dec 19, 2023
Remote Code Execution in Custom Integration Upload High
CVE-2023-41319 was published for ethyca-fides (pip) Sep 7, 2023
grmpyninja
Potential HTTP policy bypass when using header rules in Cilium Moderate
CVE-2023-30851 was published for github.com/cilium/cilium (Go) May 22, 2023
Sandbox escape in Jenkins Email Extension Plugin Critical
CVE-2023-25765 was published for org.jenkins-ci.plugins:email-ext (Maven) Feb 15, 2023
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin Moderate
CVE-2022-43423 was published for com.compuware.jenkins:compuware-scm-downloader (Maven) Oct 19, 2022
NotMyFault
Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure Moderate
CVE-2022-43414 was published for org.jenkins-ci.plugins:nunit (Maven) Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin High
CVE-2022-43433 was published for io.jenkins.plugins:screenrecorder (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin High
CVE-2022-43432 was published for org.jenkins-ci.plugins:xframium (Maven) Oct 19, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin Moderate
CVE-2022-43424 was published for com.compuware.jenkins:compuware-xpediter-code-coverage (Maven) Oct 19, 2022
NotMyFault
Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43428 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure High
CVE-2022-43429 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin High
CVE-2022-43404 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-43405 was published for io.jenkins.plugins:pipeline-groovy-lib (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-43406 was published for io.jenkins.plugins:pipeline-groovy-lib (Maven) Oct 19, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database