GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
4,005 advisories
Filter by severity
Arbitrary Code Execution in handlebars
High
GHSA-2cf5-4w76-r9qv
was published
for
handlebars
(npm)
Sep 4, 2020
Users with SCRIPT right can execute arbitrary code in XWiki
Low
CVE-2020-15171
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 10, 2020
Potential Remote Code Execution vulnerability
High
CVE-2020-15227
was published
for
nette/application
(Composer)
Oct 2, 2020
RCE in XWiki
High
CVE-2020-15252
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Oct 16, 2020
Arbitrary Code Execution in blazar-dashboard
Moderate
CVE-2020-26943
was published
for
blazar-dashboard
(pip)
Oct 27, 2020
Angular Expressions - Remote Code Execution
High
CVE-2021-21277
was published
for
angular-expressions
(npm)
Feb 1, 2021
Code injection in Apache Ant
High
CVE-2020-11979
was published
for
org.apache.ant:ant
(Maven)
Feb 3, 2021
Code Injection vulnerability in CarrierWave::RMagick
High
CVE-2021-21305
was published
for
carrierwave
(RubyGems)
Feb 8, 2021
PHP Code Injection by malicious function name in smarty
Critical
CVE-2021-26120
was published
for
smarty/smarty
(Composer)
Feb 26, 2021
Code injection in nobelprizeparser
Critical
GHSA-4wv4-mgfq-598v
was published
for
nobelprizeparser
(npm)
Mar 12, 2021
total.js Remote Code Execution Vulnerability
Critical
CVE-2021-23344
was published
for
total.js
(npm)
Mar 19, 2021
XStream is vulnerable to a Remote Command Execution attack
Moderate
CVE-2021-21345
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Remote code execution in Kramdown
High
CVE-2021-28834
was published
for
kramdown
(RubyGems)
Mar 29, 2021
Unauthenticated remote code execution in Ignition
Critical
CVE-2021-3129
was published
for
facade/ignition
(Composer)
Mar 29, 2021
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
Moderate
CVE-2020-10684
was published
for
ansible
(pip)
Apr 7, 2021
Code Injection in script-manager
High
CVE-2020-8129
was published
for
script-manager
(npm)
Apr 13, 2021
Grav's Twig processing allowing dangerous PHP functions by default
High
CVE-2021-29440
was published
for
getgrav/grav
(Composer)
Apr 16, 2021
Code Injection in oauth2-server
High
CVE-2017-18924
was published
for
oauth2-server
(npm)
Apr 22, 2021
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
High
CVE-2021-29472
was published
for
composer/composer
(Composer)
Apr 29, 2021
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
Critical
CVE-2020-28502
was published
for
xmlhttprequest
(npm)
May 4, 2021
Remote code execution in handlebars when compiling templates
Critical
CVE-2021-23369
was published
for
handlebars
(Maven)
May 6, 2021
ProTip!
Advisories are also available from the
GraphQL API