Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

75 advisories

Loading
Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries Low
CVE-2026-32690 was published for apache-airflow-core (pip) Apr 18, 2026
Dark Reader gives users the ability to request style sheets from local web servers Low
CVE-2025-68467 was published for darkreader (npm) Mar 4, 2026
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled Low
CVE-2024-51755 was published for twig/twig (Composer) Nov 6, 2024
maantje Credited to maantje, nicolas-grekas, and G-Rath nicolas-grekas nicolas-grekas
G-Rath G-Rath
Twig has unguarded calls to `__toString()` when nesting an object into an array Low
CVE-2024-51754 was published for twig/twig (Composer) Nov 6, 2024
maantje Credited to maantje and fabpot fabpot fabpot
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via... Low Unreviewed
CVE-2023-50328 was published Feb 2, 2024
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session... Low Unreviewed
CVE-2023-4217 was published Nov 2, 2023
Authenticated clients can read arbitrary files on the MAIN Computer system using the remote... Low Unreviewed
CVE-2023-2622 was published Nov 1, 2023
The vulnerability is to theft of arbitrary files with system privilege in the Screen recording (... Low Unreviewed
CVE-2023-44124 was published Sep 27, 2023
Secret displayed without masking by Chef Identity Plugin Low
CVE-2023-39155 was published for org.jenkins-ci.plugins:chef-identity (Maven) Jul 26, 2023
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel Low
CVE-2023-3299 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
anonymous4ACL24 Credited to anonymous4ACL24
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5,... Low Unreviewed
CVE-2023-32394 was published Jun 23, 2023
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm Low
CVE-2023-29203 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 12, 2023
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the ... Low Unreviewed
CVE-2023-27265 was published Feb 27, 2023
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions Low
CVE-2023-0481 was published for io.quarkus.resteasy.reactive:resteasy-reactive-common (Maven) Feb 24, 2023
joshbressers Credited to joshbressers
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information... Low Unreviewed
CVE-2022-34452 was published Feb 10, 2023
Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access... Low Unreviewed
CVE-2023-21438 was published Feb 9, 2023
Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local... Low Unreviewed
CVE-2023-21447 was published Feb 9, 2023
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer... Low Unreviewed
CVE-2022-47952 was published Jan 1, 2023
In various functions of ap_input_processor.c, there is a possible way to record audio during a... Low Unreviewed
CVE-2022-20562 was published Dec 21, 2022
In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass... Low Unreviewed
CVE-2022-20529 was published Dec 20, 2022
In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of... Low Unreviewed
CVE-2022-20525 was published Dec 20, 2022
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh Credited to JLLeitschuh and jkmartindale jkmartindale jkmartindale
Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022... Low Unreviewed
CVE-2022-39886 was published Nov 10, 2022
"IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is... Low Unreviewed
CVE-2022-42442 was published Nov 4, 2022
Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to... Low Unreviewed
CVE-2022-39860 was published Oct 7, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database