GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20 advisories
PickleScan's pkgutil.resolve_name has a universal blocklist bypass
Critical. GHSA-vvpj-8cmc-gx39 was published for picklescan (pip) on Mar 3, 2026.

The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on...
Moderate, Unreviewed. CVE-2026-2303 was published on Feb 10, 2026.

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid:...
Moderate, Unreviewed. CVE-2026-2302 was published on Feb 10, 2026.

n8n: Webhook Node IP Whitelist Bypass via Partial String Matching
Moderate. CVE-2025-68949 was published for n8n (npm) on Jan 13, 2026.

In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on...
High, Unreviewed. CVE-2025-59457 was published on Sep 17, 2025.

Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate...
High, Unreviewed. CVE-2025-53762 was published on Jul 18, 2025.

filebrowser Allows Shell Commands to Spawn Other Commands
High. CVE-2025-52903 was published for github.com/filebrowser/filebrowser (Go) on Jun 27, 2025.

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS...
High, Unreviewed. CVE-2025-24349 was published on Apr 30, 2025.

A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular...
Moderate, Unreviewed. CVE-2024-12391 was published on Mar 20, 2025.

A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0)....
Moderate, Unreviewed. CVE-2024-47565 was published on Oct 8, 2024.

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A...
Moderate, Unreviewed. CVE-2023-7250 was published on Mar 18, 2024.

This vulnerability potentially allows unauthorized write operations which may lead to remote code...
High, Unreviewed. CVE-2024-1654 was published on Mar 14, 2024.

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise,...
High, Unreviewed. CVE-2023-4399 was published on Oct 17, 2023.

A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below,...
Moderate, Unreviewed. CVE-2022-42469 was published on Apr 11, 2023.

Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
Critical. CVE-2019-10328 was published for org.jenkins-ci.plugins:workflow-remote-loader (Maven) on May 24, 2022.

A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive...
Moderate, Unreviewed. CVE-2021-34787 was published on May 24, 2022.

Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Critical. CVE-2019-10458 was published for org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline (Maven) on May 24, 2022.

Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
Critical. CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) on May 24, 2022.

Incorrect Comparison, Permissive List of Allowed Inputs, and Privilege Context Switching Error in PostgreSQL
Critical, Unreviewed. CVE-2020-25696 was published on Feb 15, 2022.

Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak
Moderate. CVE-2020-1694 was published for org.keycloak:keycloak-parent (Maven) on Feb 9, 2022.

ProTip! Advisories are also available from the GraphQL API.