GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
906 advisories
Filter by severity
actionpack CRLF injection vulnerability
Moderate
CVE-2011-3186
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Arbitrary Code Injection in mobile-icon-resizer
Moderate
GHSA-mxjr-xmcg-fg7w
was published
for
mobile-icon-resizer
(npm)
Jun 27, 2019
Object injection in cookie driver in phpfastcache
Moderate
CVE-2019-16774
was published
for
phpfastcache/phpfastcache
(Composer)
Dec 12, 2019
Arbitrary Code Execution in blazar-dashboard
Moderate
CVE-2020-26943
was published
for
blazar-dashboard
(pip)
Oct 27, 2020
XStream is vulnerable to a Remote Command Execution attack
Moderate
CVE-2021-21345
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
Moderate
CVE-2020-10684
was published
for
ansible
(pip)
Apr 7, 2021
Insecure template handling in express-hbs
Moderate
CVE-2021-32817
was published
for
express-hbs
(npm)
May 17, 2021
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
Moderate
CVE-2021-32809
was published
for
ckeditor4
(npm)
Aug 23, 2021
PHP file inclusion via insert tags
Moderate
CVE-2021-37626
was published
for
contao/contao
(Composer)
Aug 23, 2021
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs
Moderate
CVE-2021-32822
was published
for
hbs
(npm)
Sep 2, 2021
Code Injection in SLO Generator
Moderate
CVE-2021-22557
was published
for
slo-generator
(pip)
Oct 5, 2021
Code injection in `saved_model_cli`
Moderate
CVE-2021-41228
was published
for
tensorflow
(pip)
Nov 10, 2021
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in...
Moderate
Unreviewed
CVE-2021-33493
was published
Nov 23, 2021
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Moderate
Unreviewed
CVE-2021-43221
was published
Nov 25, 2021
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute...
Moderate
Unreviewed
CVE-2021-38967
was published
Dec 1, 2021
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote,...
Moderate
Unreviewed
CVE-2021-29113
was published
Dec 8, 2021
vault-cli contains possible RCE when reading user-defined data
Moderate
CVE-2021-43837
was published
for
vault-cli
(pip)
Dec 16, 2021
NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection.
Moderate
Unreviewed
CVE-2021-45655
was published
Dec 27, 2021
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique...
Moderate
Unreviewed
CVE-2022-21928
was published
Jan 12, 2022
Template injection (Improper Neutralization of Special Elements Used in a Template Engine)...
Moderate
Unreviewed
CVE-2022-23810
was published
Feb 25, 2022
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which...
Moderate
Unreviewed
CVE-2021-38745
was published
Mar 22, 2022
ProTip!
Advisories are also available from the
GraphQL API