GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,759
NuGet
678
pip
3,445
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+
2,343 advisories
Filter by severity
Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the...
High
Unreviewed
CVE-2021-3725
was published
Dec 1, 2021
Code injection in spring-cloud-netflix-hystrix-dashboard
High
CVE-2021-22053
was published
for
org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard
(Maven)
Nov 23, 2021
The affected controllers do not properly sanitize the input containing code syntax. As a result,...
High
Unreviewed
CVE-2021-38448
was published
Nov 23, 2021
Cobbler before 3.3.0 allows log poisoning
High
CVE-2021-40323
was published
for
cobbler
(pip)
Oct 5, 2021
Improper Input Validation and Command Injection in Ansible
High
CVE-2021-3583
was published
for
ansible
(pip)
Sep 23, 2021
Remote code execution in better-macro
High
CVE-2021-38196
was published
for
better-macro
(Rust)
Aug 25, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-39144
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Code injection issue for java-spring-cloud-stream-template
High
CVE-2021-37694
was published
for
@asyncapi/java-spring-cloud-stream-template
(npm)
Aug 25, 2021
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
High
CVE-2021-34551
was published
for
phpmailer/phpmailer
(Composer)
Jun 22, 2021
Remote Command Execution in reg-keygen-git-hash-plugin
High
CVE-2021-32673
was published
for
reg-keygen-git-hash-plugin
(npm)
Jun 8, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-29505
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 18, 2021
Script injection without script or programming rights through Gadget titles
High
CVE-2021-32621
was published
for
org.xwiki.commons:xwiki-commons-core
(Maven)
May 18, 2021
Improper Input Validation and Code Injection in pdf-image
High
CVE-2020-8132
was published
for
pdf-image
(npm)
May 10, 2021
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
High
CVE-2021-29472
was published
for
composer/composer
(Composer)
Apr 29, 2021
Code Injection in oauth2-server
High
CVE-2017-18924
was published
for
oauth2-server
(npm)
Apr 22, 2021
Grav's Twig processing allowing dangerous PHP functions by default
High
CVE-2021-29440
was published
for
getgrav/grav
(Composer)
Apr 16, 2021
Code Injection in script-manager
High
CVE-2020-8129
was published
for
script-manager
(npm)
Apr 13, 2021
ProTip!
Advisories are also available from the
GraphQL API