Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
32
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,369 advisories

Loading
Improper Input Validation and Code Injection in pdf-image High
CVE-2020-8132 was published for pdf-image (npm) May 10, 2021
Code Injection in mosc High
CVE-2020-7672 was published for mosc (npm) May 17, 2021
Script injection without script or programming rights through Gadget titles High
CVE-2021-32621 was published for org.xwiki.commons:xwiki-commons-core (Maven) May 18, 2021
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
Remote Command Execution in reg-keygen-git-hash-plugin High
CVE-2021-32673 was published for reg-keygen-git-hash-plugin (npm) Jun 8, 2021
progfay
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows High
CVE-2021-34551 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
Code injection in Narou High
CVE-2021-35514 was published for narou (RubyGems) Jul 2, 2021
Code injection issue for java-spring-cloud-stream-template High
CVE-2021-37694 was published for @asyncapi/java-spring-cloud-stream-template (npm) Aug 25, 2021
jonaslagoni
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-39144 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Remote code execution in better-macro High
CVE-2021-38196 was published for better-macro (Rust) Aug 25, 2021
Code injection in nbgitpuller High
CVE-2021-39160 was published for nbgitpuller (pip) Aug 30, 2021
Code Injection in total.js High
CVE-2021-32831 was published for total.js (npm) Sep 1, 2021
Code Injection in pac-resolver High
CVE-2021-23406 was published for degenerator (npm) Sep 2, 2021
seng1e
Improper Input Validation and Command Injection in Ansible High
CVE-2021-3583 was published for ansible (pip) Sep 23, 2021
Cobbler before 3.3.0 allows log poisoning High
CVE-2021-40323 was published for cobbler (pip) Oct 5, 2021
The affected controllers do not properly sanitize the input containing code syntax. As a result,... High Unreviewed
CVE-2021-38448 was published Nov 23, 2021
Code injection in spring-cloud-netflix-hystrix-dashboard High
CVE-2021-22053 was published for org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard (Maven) Nov 23, 2021
Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the... High Unreviewed
CVE-2021-3725 was published Dec 1, 2021
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x... High Unreviewed
CVE-2021-35413 was published Dec 4, 2021
Code injection in FreeIPA High
CVE-2019-14867 was published for freeipa (pip) Dec 6, 2021
There is a Code Injection vulnerability in Huawei Smartphone.Successful exploitation of this... High Unreviewed
CVE-2021-37097 was published Dec 9, 2021
Code injection via unsafe YAML loading High
CVE-2021-43811 was published for sockeye (pip) Dec 9, 2021
Code Injection in jackson-databind High
CVE-2020-24616 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An... High Unreviewed
CVE-2021-29214 was published Dec 11, 2021
Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730,... High Unreviewed
CVE-2021-44235 was published Dec 15, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database