Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,005 advisories

Loading
Arbitrary Code Execution in handlebars High
GHSA-2cf5-4w76-r9qv was published for handlebars (npm) Sep 4, 2020
chalbersma
Command Injection in tree-kill High
CVE-2019-15599 was published for tree-kill (npm) Sep 4, 2020
Users with SCRIPT right can execute arbitrary code in XWiki Low
CVE-2020-15171 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 10, 2020
Potential Remote Code Execution vulnerability High
CVE-2020-15227 was published for nette/application (Composer) Oct 2, 2020
RCE in XWiki High
CVE-2020-15252 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Oct 16, 2020
Arbitrary Code Execution in blazar-dashboard Moderate
CVE-2020-26943 was published for blazar-dashboard (pip) Oct 27, 2020
Code Injection in mquery Moderate
CVE-2020-35149 was published for mquery (npm) Dec 18, 2020
Angular Expressions - Remote Code Execution High
CVE-2021-21277 was published for angular-expressions (npm) Feb 1, 2021
Code injection in Apache Ant High
CVE-2020-11979 was published for org.apache.ant:ant (Maven) Feb 3, 2021
cpropps-sysdig
Code Injection vulnerability in CarrierWave::RMagick High
CVE-2021-21305 was published for carrierwave (RubyGems) Feb 8, 2021
wonda-tea-coffee
PHP Code Injection by malicious function name in smarty Critical
CVE-2021-26120 was published for smarty/smarty (Composer) Feb 26, 2021
stevenseeley
Code injection in nobelprizeparser Critical
GHSA-4wv4-mgfq-598v was published for nobelprizeparser (npm) Mar 12, 2021
total.js Remote Code Execution Vulnerability Critical
CVE-2021-23344 was published for total.js (npm) Mar 19, 2021
XStream is vulnerable to a Remote Command Execution attack Moderate
CVE-2021-21345 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Remote code execution in Kramdown High
CVE-2021-28834 was published for kramdown (RubyGems) Mar 29, 2021
Unauthenticated remote code execution in Ignition Critical
CVE-2021-3129 was published for facade/ignition (Composer) Mar 29, 2021
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible Moderate
CVE-2020-10684 was published for ansible (pip) Apr 7, 2021
Prototype Pollution in decal High
CVE-2020-28450 was published for decal (npm) Apr 13, 2021
Code Injection in script-manager High
CVE-2020-8129 was published for script-manager (npm) Apr 13, 2021
Arbitrary code execution in djv Critical
CVE-2020-28464 was published for djv (npm) Apr 13, 2021
Grav's Twig processing allowing dangerous PHP functions by default High
CVE-2021-29440 was published for getgrav/grav (Composer) Apr 16, 2021
thomas-chauchefoin-sonarsource
Code Injection in oauth2-server High
CVE-2017-18924 was published for oauth2-server (npm) Apr 22, 2021
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection Critical
CVE-2020-28502 was published for xmlhttprequest (npm) May 4, 2021
Remote code execution in handlebars when compiling templates Critical
CVE-2021-23369 was published for handlebars (Maven) May 6, 2021
westonsteimel
ProTip! Advisories are also available from the GraphQL API