GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
69 advisories
Filter by severity
Jinja has a sandbox breakout through indirect reference to format method
Moderate
CVE-2024-56326
was published
for
jinja2
(pip)
Dec 23, 2024
@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection
Moderate
CVE-2024-46976
was published
for
@backstage/plugin-techdocs-backend
(npm)
Sep 17, 2024
Mattermost Desktop App fails to sufficiently configure Electron Fuses
Low
CVE-2024-45835
was published
for
mattermost-desktop
(npm)
Sep 16, 2024
Twig has a possible sandbox bypass
Moderate
CVE-2024-45411
was published
for
twig/twig
(Composer)
Sep 9, 2024
Mattermost allows remote/synthetic users to create sessions, reset passwords
Moderate
CVE-2024-39836
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost Desktop App Remote Code Execution
Moderate
CVE-2024-37182
was published
for
mattermost-desktop
(npm)
Jun 14, 2024
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
Low
CVE-2024-36287
was published
for
mattermost-desktop
(npm)
Jun 14, 2024
Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies
High
CVE-2024-34144
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 2, 2024
ejs lacks certain pollution protection
Moderate
CVE-2024-33883
was published
for
ejs
(npm)
Apr 28, 2024
Intermittent HTTP policy bypass
High
CVE-2024-28248
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Corveda PHPSandbox Protection Mechanism Failure vulnerability
Moderate
CVE-2014-125107
was published
for
corveda/phpsandbox
(Composer)
Dec 19, 2023
Remote Code Execution in Custom Integration Upload
High
CVE-2023-41319
was published
for
ethyca-fides
(pip)
Sep 7, 2023
Potential HTTP policy bypass when using header rules in Cilium
Moderate
CVE-2023-30851
was published
for
github.com/cilium/cilium
(Go)
May 22, 2023
Sandbox escape in Jenkins Email Extension Plugin
Critical
CVE-2023-25765
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
Feb 15, 2023
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin
Moderate
CVE-2022-43424
was published
for
com.compuware.jenkins:compuware-xpediter-code-coverage
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin
High
CVE-2022-43428
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure
High
CVE-2022-43429
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin
High
CVE-2022-43433
was published
for
io.jenkins.plugins:screenrecorder
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin
High
CVE-2022-43432
was published
for
org.jenkins-ci.plugins:xframium
(Maven)
Oct 19, 2022
Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure
Moderate
CVE-2022-43414
was published
for
org.jenkins-ci.plugins:nunit
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin
Moderate
CVE-2022-43423
was published
for
com.compuware.jenkins:compuware-scm-downloader
(Maven)
Oct 19, 2022
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin
High
CVE-2022-43405
was published
for
io.jenkins.plugins:pipeline-groovy-lib
(Maven)
Oct 19, 2022
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
High
CVE-2022-43404
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Oct 19, 2022
Jenkins Script Security Plugin sandbox bypass vulnerability
Critical
CVE-2022-43403
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Oct 19, 2022
Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution
Critical
CVE-2022-43402
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Oct 19, 2022
ProTip!
Advisories are also available from the
GraphQL API