GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Jinja has a sandbox breakout through indirect reference to format method
Moderate
CVE-2024-56326
was published
for
jinja2
(pip)
Dec 23, 2024
@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection
Moderate
CVE-2024-46976
was published
for
@backstage/plugin-techdocs-backend
(npm)
Sep 17, 2024
Twig has a possible sandbox bypass
Moderate
CVE-2024-45411
was published
for
twig/twig
(Composer)
Sep 9, 2024
Mattermost allows remote/synthetic users to create sessions, reset passwords
Moderate
CVE-2024-39836
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 22, 2024
Mattermost Desktop App Remote Code Execution
Moderate
CVE-2024-37182
was published
for
mattermost-desktop
(npm)
Jun 14, 2024
ejs lacks certain pollution protection
Moderate
CVE-2024-33883
was published
for
ejs
(npm)
Apr 28, 2024
Corveda PHPSandbox Protection Mechanism Failure vulnerability
Moderate
CVE-2014-125107
was published
for
corveda/phpsandbox
(Composer)
Dec 19, 2023
Potential HTTP policy bypass when using header rules in Cilium
Moderate
CVE-2023-30851
was published
for
github.com/cilium/cilium
(Go)
May 22, 2023
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin
Moderate
CVE-2022-43424
was published
for
com.compuware.jenkins:compuware-xpediter-code-coverage
(Maven)
Oct 19, 2022
Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure
Moderate
CVE-2022-43414
was published
for
org.jenkins-ci.plugins:nunit
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin
Moderate
CVE-2022-43423
was published
for
com.compuware.jenkins:compuware-scm-downloader
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin
Moderate
CVE-2022-43422
was published
for
com.compuware.jenkins:compuware-topaz-utilities
(Maven)
Oct 19, 2022
Jenkins WildFly Deployer Plugin vulnerable to path traversal
Moderate
CVE-2022-41235
was published
for
org.jenkins-ci.plugins:wildfly-deployer
(Maven)
Sep 22, 2022
Jenkins Compuware zAdviser API Plugin vulnerable to protection mechanism failure
Moderate
CVE-2022-36900
was published
for
com.compuware.jenkins:compuware-zadviser-api
(Maven)
Jul 28, 2022
Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
Moderate
CVE-2022-36899
was published
for
com.compuware.jenkins:compuware-ispw-operations
(Maven)
Jul 28, 2022
Agent-to-controller security bypass in Jenkins xUnit Plugin
Moderate
CVE-2022-34181
was published
for
org.jenkins-ci.plugins:xunit
(Maven)
Jun 24, 2022
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files
Moderate
CVE-2022-25197
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Feb 16, 2022
ProTip!
Advisories are also available from the
GraphQL API