Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

466 advisories

Loading
Remote Code Execution in Angular Expressions High
CVE-2020-5219 was published for angular-expressions (npm) Jan 24, 2020
MaxNad
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-11002 was published for io.dropwizard:dropwizard-validation (Maven) Apr 10, 2020
pwntester
Unexpected database bindings High
GHSA-x7p5-p2c9-phvg was published for illuminate/database (Composer) Feb 2, 2021
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0 High
CVE-2020-15277 was published for baserproject/basercms (Composer) Oct 30, 2020
Aquilao
Arbitrary code execution in ExifTool High
GHSA-4whq-r978-2x68 was published for exiftool-vendored (npm) May 4, 2021
boardhead wbowling
Arbitrary Code Execution in json-ptr High
GHSA-rrqv-vjrw-hrcr was published for json-ptr (npm) May 26, 2021
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection') High
CVE-2019-17513 was published for io.ratpack:ratpack-core (Maven) Oct 21, 2019
Null Byte Injection in Plug.Static High
CVE-2017-1000052 was published for plug (Erlang) Apr 12, 2022
ExifTool vulnerable to arbitrary code execution High
GHSA-q95h-cqrv-8jv5 was published for exiftool_vendored (RubyGems) Jan 20, 2023
dgollahon
Command injection in simple-git High
CVE-2022-24433 was published for simple-git (npm) Mar 12, 2022
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop... High Unreviewed
CVE-2021-44537 was published Jan 16, 2022
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction... High Unreviewed
CVE-2021-43097 was published Mar 30, 2022
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders... High Unreviewed
CVE-2022-28345 was published Apr 16, 2022
Improper handling of multiline messages in node-irc affects matrix-appservice-irc High
CVE-2022-29166 was published for matrix-appservice-irc (npm) May 23, 2022
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject... High Unreviewed
CVE-2022-27924 was published Apr 22, 2022
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy... High Unreviewed
CVE-2021-43269 was published Jan 21, 2022
Command injection in git-parse High
CVE-2021-26543 was published for git-parse (npm) Feb 10, 2022
Injection in Jolokia agent High
CVE-2018-1000130 was published for org.jolokia:jolokia-core (Maven) May 14, 2022
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
Command injection in czproject/git-php High
CVE-2022-25866 was published for czproject/git-php (Composer) Apr 26, 2022
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. High Unreviewed
CVE-2020-8644 was published May 24, 2022
Prototype pollution in dojo High
CVE-2020-5258 was published for dojo (npm) Mar 10, 2020
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov High
CVE-2020-7596 was published for codecov (npm) May 24, 2022
mmcshinsky-bitgo
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an... High Unreviewed
CVE-2020-17496 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database