Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

15 advisories

Loading
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled Low
CVE-2024-51755 was published for twig/twig (Composer) Nov 6, 2024
maantje nicolas-grekas
G-Rath
Twig has unguarded calls to `__toString()` when nesting an object into an array Low
CVE-2024-51754 was published for twig/twig (Composer) Nov 6, 2024
maantje fabpot
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel Low
CVE-2023-3299 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
anonymous4ACL24
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted Low
CVE-2022-36901 was published for org.jenkins-ci.plugins:http_request (Maven) Jul 28, 2022
NotMyFault
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions Low
CVE-2023-0481 was published for io.quarkus.resteasy.reactive:resteasy-reactive-common (Maven) Feb 24, 2023
joshbressers
Secret displayed without masking by Chef Identity Plugin Low
CVE-2023-39155 was published for org.jenkins-ci.plugins:chef-identity (Maven) Jul 26, 2023
RuboCop gem Insecure use of /tmp Low
CVE-2017-8418 was published for rubocop (RubyGems) Nov 15, 2017
tdunlap607
Renderers can obtain access to random bluetooth device without permission in Electron Low
CVE-2022-21718 was published for electron (npm) Mar 22, 2022
PalmerAL
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm Low
CVE-2023-29203 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 12, 2023
File exposure in pleaser Low
CVE-2021-31153 was published for pleaser (Rust) Aug 25, 2021
another-rex
Potential sensitive data exposure in applications using Vaadin 15 Low
CVE-2020-36319 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
knoobie
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled Low
CVE-2022-29247 was published for electron (npm) Jun 16, 2022
TheGrandPew msrkp
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon Low
CVE-2022-27814 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 15, 2022
Shinyzenith
Context isolation bypass in Electron Low
CVE-2020-15215 was published for electron (npm) Oct 6, 2020
nornagon MarshallOfSound
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database