Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,193
Erlang
25
GitHub Actions
39
Go
2,385
Maven
3,027
npm
3,078
NuGet
529
pip
2,897
Pub
5
RubyGems
442
Rust
905
Swift
20
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Sandbox bypass in Script Security Plugin Critical
CVE-2019-1003029 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel Credited to westonsteimel
Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD... Critical Unreviewed
CVE-2017-8864 was published May 17, 2022
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access... Critical Unreviewed
CVE-2021-32835 was published May 24, 2022
This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and... Critical Unreviewed
CVE-2022-32845 was published Sep 25, 2022
An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is... Critical Unreviewed
CVE-2022-47544 was published Jan 5, 2023
The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of... Critical Unreviewed
CVE-2022-48290 was published Feb 9, 2023
Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An... Critical Unreviewed
CVE-2023-32493 was published Aug 16, 2023
Protection mechanism failure in some Intel DCM software before version 5.2 may allow an... Critical Unreviewed
CVE-2023-31273 was published Nov 14, 2023
Vulnerability of incorrect service logic in the WindowManagerServices module.Successful... Critical Unreviewed
CVE-2023-52378 was published Feb 18, 2024
Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when... Critical Unreviewed
CVE-2024-25091 was published Mar 1, 2024
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27665 was published Mar 5, 2025
Spring Security authorization bypass for method security annotations on private methods Critical
CVE-2025-41232 was published for org.springframework.security:spring-security-aspects (Maven) May 21, 2025
tomabai Credited to tomabai
An attacker was able to bypass the `connect-src` directive of a Content Security Policy by... Critical Unreviewed
CVE-2025-6427 was published Jun 26, 2025
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the... Critical Unreviewed
CVE-2025-54143 was published Aug 19, 2025
Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure... Critical Unreviewed
CVE-2025-43728 was published Aug 27, 2025
The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control... Critical Unreviewed
CVE-2025-59033 was published Sep 8, 2025
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports Critical
CVE-2025-10157 was published for picklescan (pip) Sep 10, 2025
davcohen Credited to davcohen
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check Critical
CVE-2025-10156 was published for picklescan (pip) Sep 10, 2025
Picklescan Bypass is Possible via File Extension Mismatch Critical
CVE-2025-10155 was published for picklescan (pip) Sep 10, 2025
Duplicate Advisory: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports Critical
GHSA-hf6h-9wq7-hmjg was published for picklescan (pip) Sep 17, 2025 withdrawn
In multiple locations, there is a possible way to launch an application from the background due... Critical Unreviewed
CVE-2025-48626 was published Dec 8, 2025
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents... Critical Unreviewed
CVE-2025-65318 was published Dec 16, 2025
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves... Critical Unreviewed
CVE-2025-65319 was published Dec 16, 2025
n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node Critical
CVE-2025-68668 was published for n8n (npm) Dec 26, 2025
berkdedekarginoglu Credited to berkdedekarginoglu, VladimirEliTokarev, Ofekitach, and nnfrog VladimirEliTokarev VladimirEliTokarev
Ofekitach Ofekitach nnfrog nnfrog
vm2 has a Sandbox Escape Critical
CVE-2026-22709 was published for vm2 (npm) Jan 26, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database