GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: 5,000+ in total. By ecosystem: Composer 5,000+; Erlang 49; GitHub Actions 49; Go 3,518; Maven 5,000+; npm 5,000+; NuGet 911; pip 4,758; Pub 13; RubyGems 1,036; Rust 1,228; Swift 53.
Unreviewed advisories: 5,000+ in total.
Current listing: 27 advisories.
Advisories listed (identifier, severity and review status, publication date, affected package and ecosystem where given, title):

CVE-2026-21915 (High, Unreviewed), published Apr 10, 2026: A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights ...
GHSA-cjmm-f4jc-qw8r (Moderate), published Apr 3, 2026 for dompurify (npm): DOMPurify ADD_ATTR predicate skips URI validation
GHSA-j7p2-qcwm-94v4 (Critical), published Mar 31, 2026 for openclaw (npm): OpenClaw's incomplete host env sanitization blocklist allows supply-chain redirection via package-manager env overrides
CVE-2026-33979 (High), published Mar 27, 2026 for express-xss-sanitizer (npm): Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)
CVE-2026-33769 (Low), published Mar 26, 2026 for astro (npm): Astro: Remote allowlist bypass via unanchored matchPathname wildcard
CVE-2026-4509 (Moderate, Unreviewed), published Mar 21, 2026: A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of...
CVE-2026-32881 (Moderate), published Mar 16, 2026 for ewe (Erlang): Permissive List of Allowed Inputs in ewe
GHSA-vvpj-8cmc-gx39 (Critical), published Mar 3, 2026 for picklescan (pip): PickleScan's pkgutil.resolve_name has a universal blocklist bypass
CVE-2026-2303 (Moderate, Unreviewed), published Feb 10, 2026: The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on...
CVE-2026-2302 (Moderate, Unreviewed), published Feb 10, 2026: Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid:...
CVE-2025-68949 (Moderate), published Jan 13, 2026 for n8n (npm): n8n: Webhook Node IP Whitelist Bypass via Partial String Matching
CVE-2025-59457 (High, Unreviewed), published Sep 17, 2025: In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on...
CVE-2025-53762 (High, Unreviewed), published Jul 18, 2025: Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate...
CVE-2025-52903 (High), published Jun 27, 2025 for github.com/filebrowser/filebrowser (Go): filebrowser Allows Shell Commands to Spawn Other Commands
CVE-2025-24349 (High, Unreviewed), published Apr 30, 2025: A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS...
CVE-2024-12391 (Moderate, Unreviewed), published Mar 20, 2025: A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular...
CVE-2024-47565 (Moderate, Unreviewed), published Oct 8, 2024: A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0)....
CVE-2023-7250 (Moderate, Unreviewed), published Mar 18, 2024: A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A...
CVE-2024-1654 (High, Unreviewed), published Mar 14, 2024: This vulnerability potentially allows unauthorized write operations which may lead to remote code...
CVE-2023-4399 (High, Unreviewed), published Oct 17, 2023: Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise,...
CVE-2022-42469 (Moderate, Unreviewed), published Apr 11, 2023: A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below,...
CVE-2019-10328 (Critical), published May 24, 2022 for org.jenkins-ci.plugins:workflow-remote-loader (Maven): Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
CVE-2021-34787 (Moderate, Unreviewed), published May 24, 2022: A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive...
CVE-2019-10458 (Critical), published May 24, 2022 for org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline (Maven): Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
CVE-2019-10417 (Critical), published May 24, 2022 for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven): Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
Advisories are also available from the GraphQL API.