Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,347
Erlang
31
GitHub Actions
22
Go
2,117
Maven
5,000+
npm
3,768
NuGet
680
pip
3,457
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,363 advisories

Loading
Code execution vulnerability in HtmlUnit High
CVE-2020-5529 was published for net.sourceforge.htmlunit:htmlunit (Maven) May 21, 2020
Command injection in node-dns-sync High
CVE-2020-11079 was published for dns-sync (npm) May 28, 2020
Remote code execution via user-provided local names in ActionView High
CVE-2020-8163 was published for actionview (RubyGems) Jul 7, 2020
Log injection in uvicorn High
CVE-2020-7694 was published for uvicorn (pip) Jul 29, 2020
tdunlap607
openapi-python-client Arbitrary Code Generation vulnerability High
CVE-2020-15142 was published for openapi-python-client (pip) Aug 20, 2020
emann dtkav
dbanty westonsteimel
Remote Code Execution in Red Discord Bot High
CVE-2020-15147 was published for Red-DiscordBot (pip) Aug 21, 2020
Jackenmen
Content Injection in remarkable High
CVE-2014-10065 was published for remarkable (npm) Aug 31, 2020
tdunlap607
Sandbox Breakout / Arbitrary Code Execution in static-eval High
GHSA-x9hc-rw35-f44h was published for static-eval (npm) Sep 2, 2020
Arbitrary JavaScript Execution in typed-function High
CVE-2017-1001004 was published for typed-function (npm) Sep 2, 2020
Arbitrary Code Execution in handlebars High
GHSA-2cf5-4w76-r9qv was published for handlebars (npm) Sep 4, 2020
chalbersma
Command Injection in tree-kill High
CVE-2019-15599 was published for tree-kill (npm) Sep 4, 2020
Potential Remote Code Execution vulnerability High
CVE-2020-15227 was published for nette/application (Composer) Oct 2, 2020
RCE in XWiki High
CVE-2020-15252 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Oct 16, 2020
Angular Expressions - Remote Code Execution High
CVE-2021-21277 was published for angular-expressions (npm) Feb 1, 2021
Code injection in Apache Ant High
CVE-2020-11979 was published for org.apache.ant:ant (Maven) Feb 3, 2021
cpropps-sysdig
Code Injection vulnerability in CarrierWave::RMagick High
CVE-2021-21305 was published for carrierwave (RubyGems) Feb 8, 2021
wonda-tea-coffee
Remote code execution in Kramdown High
CVE-2021-28834 was published for kramdown (RubyGems) Mar 29, 2021
Prototype Pollution in decal High
CVE-2020-28450 was published for decal (npm) Apr 13, 2021
Code Injection in script-manager High
CVE-2020-8129 was published for script-manager (npm) Apr 13, 2021
Grav's Twig processing allowing dangerous PHP functions by default High
CVE-2021-29440 was published for getgrav/grav (Composer) Apr 16, 2021
thomas-chauchefoin-sonarsource
Code Injection in oauth2-server High
CVE-2017-18924 was published for oauth2-server (npm) Apr 22, 2021
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial High
CVE-2021-29472 was published for composer/composer (Composer) Apr 29, 2021
thomas-chauchefoin-sonarsource
Command Injection in lodash High
CVE-2021-23337 was published for lodash (npm) May 6, 2021
mitchell-codecov nitaiapiiro
ebickle
Code injection in blamer High
CVE-2020-8137 was published for blamer (npm) May 6, 2021
Arbitrary Code Execution in shiba High
CVE-2020-7738 was published for shiba (npm) May 10, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database