GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,046
Maven
5,000+
npm
3,737
NuGet
663
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
73 advisories
Filter by severity
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File
Low
CVE-2020-1733
was published
for
ansible
(pip)
Apr 20, 2021
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
Low
CVE-2020-10744
was published
for
ansible
(pip)
Feb 9, 2022
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled
Low
CVE-2024-51755
was published
for
twig/twig
(Composer)
Nov 6, 2024
Twig has unguarded calls to `__toString()` when nesting an object into an array
Low
CVE-2024-51754
was published
for
twig/twig
(Composer)
Nov 6, 2024
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Low
CVE-2023-3299
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
The vulnerability is to theft of arbitrary files with system privilege in the Screen recording (...
Low
Unreviewed
CVE-2023-44124
was published
Sep 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5,...
Low
Unreviewed
CVE-2023-32394
was published
Jun 23, 2023
Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure...
Low
Unreviewed
CVE-2021-36319
was published
Nov 21, 2021
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via...
Low
Unreviewed
CVE-2023-50328
was published
Feb 2, 2024
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Low
CVE-2022-36901
was published
for
org.jenkins-ci.plugins:http_request
(Maven)
Jul 28, 2022
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An...
Low
Unreviewed
CVE-2022-37703
was published
Sep 14, 2022
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions
Low
CVE-2023-0481
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive-common
(Maven)
Feb 24, 2023
Secret displayed without masking by Chef Identity Plugin
Low
CVE-2023-39155
was published
for
org.jenkins-ci.plugins:chef-identity
(Maven)
Jul 26, 2023
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session...
Low
Unreviewed
CVE-2023-4217
was published
Nov 2, 2023
Authenticated clients can read arbitrary files on the MAIN Computer
system using the remote...
Low
Unreviewed
CVE-2023-2622
was published
Nov 1, 2023
RuboCop gem Insecure use of /tmp
Low
CVE-2017-8418
was published
for
rubocop
(RubyGems)
Nov 15, 2017
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer...
Low
Unreviewed
CVE-2022-47952
was published
Jan 1, 2023
In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to...
Low
Unreviewed
CVE-2021-0978
was published
Dec 16, 2021
Improper access control vulnerability in updateLastConnectedClientInfo function of...
Low
Unreviewed
CVE-2022-30750
was published
Jul 13, 2022
Renderers can obtain access to random bluetooth device without permission in Electron
Low
CVE-2022-21718
was published
for
electron
(npm)
Mar 22, 2022
Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022...
Low
Unreviewed
CVE-2022-39886
was published
Nov 10, 2022
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard...
Low
Unreviewed
CVE-2022-37438
was published
Aug 17, 2022
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior...
Low
Unreviewed
CVE-2022-30751
was published
Jul 13, 2022
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior...
Low
Unreviewed
CVE-2022-30752
was published
Jul 13, 2022
ProTip!
Advisories are also available from the
GraphQL API