GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,328
Erlang
31
GitHub Actions
21
Go
2,090
Maven
5,000+
npm
3,754
NuGet
675
pip
3,442
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+
4,051 advisories
Filter by severity
remote code execution via git repo provider
Critical
CVE-2021-39159
was published
for
binderhub
(pip)
Aug 30, 2021
Remote code execution in better-macro
High
CVE-2021-38196
was published
for
better-macro
(Rust)
Aug 25, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-39144
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Code injection issue for java-spring-cloud-stream-template
High
CVE-2021-37694
was published
for
@asyncapi/java-spring-cloud-stream-template
(npm)
Aug 25, 2021
PHP file inclusion via insert tags
Moderate
CVE-2021-37626
was published
for
contao/contao
(Composer)
Aug 23, 2021
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
Moderate
CVE-2021-32809
was published
for
ckeditor4
(npm)
Aug 23, 2021
Craft CMS Remote Code Injection
Critical
CVE-2021-27903
was published
for
craftcms/cms
(Composer)
Jul 2, 2021
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
High
CVE-2021-34551
was published
for
phpmailer/phpmailer
(Composer)
Jun 22, 2021
Remote Command Execution in reg-keygen-git-hash-plugin
High
CVE-2021-32673
was published
for
reg-keygen-git-hash-plugin
(npm)
Jun 8, 2021
Dragonfly contains remote code execution vulnerability
Critical
CVE-2021-33564
was published
for
dragonfly
(RubyGems)
Jun 2, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
Script injection without script or programming rights through Gadget titles
High
CVE-2021-32621
was published
for
org.xwiki.commons:xwiki-commons-core
(Maven)
May 18, 2021
Code Injection in node-extend
Critical
CVE-2020-7673
was published
for
node-extend
(npm)
May 17, 2021
Improper Input Validation in access-policy
Critical
CVE-2020-7674
was published
for
access-policy
(npm)
May 17, 2021
Code Injection in cd-messenger
Critical
CVE-2020-7675
was published
for
cd-messenger
(npm)
May 17, 2021
Insecure template handling in express-hbs
Moderate
CVE-2021-32817
was published
for
express-hbs
(npm)
May 17, 2021
Improper Input Validation and Code Injection in pdf-image
High
CVE-2020-8132
was published
for
pdf-image
(npm)
May 10, 2021
Withdrawn: Arbitrary Code Execution in static-eval
Critical
CVE-2021-23334
was published
for
static-eval
(npm)
May 6, 2021
•
withdrawn
Arbitrary Code Execution in underscore
Critical
CVE-2021-23358
was published
for
underscore
(npm)
May 6, 2021
ProTip!
Advisories are also available from the
GraphQL API