GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
743 advisories
Filter by severity
Command Injection in hot-formula-parser
Critical
CVE-2020-6836
was published
for
hot-formula-parser
(npm)
May 6, 2020
Arbitrary JavaScript Execution in bassmaster
Critical
CVE-2014-7205
was published
for
bassmaster
(npm)
Oct 24, 2017
Arbitrary Code Injection in reduce-css-calc
Critical
CVE-2016-10548
was published
for
reduce-css-calc
(npm)
Jun 7, 2018
Arbitrary Code Injection in pouchdb
Critical
CVE-2016-10546
was published
for
pouchdb
(npm)
Jul 26, 2018
Arbitrary Code Execution in mathjs
Critical
CVE-2017-1001002
was published
for
mathjs
(npm)
Dec 18, 2017
Code injection in nobelprizeparser
Critical
GHSA-4wv4-mgfq-598v
was published
for
nobelprizeparser
(npm)
Mar 12, 2021
Growl before 1.10.0 vulnerable to Command Injection
Critical
CVE-2017-16042
was published
for
growl
(npm)
Jun 8, 2018
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be...
Critical
Unreviewed
CVE-2022-4060
was published
Jan 16, 2023
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Critical
CVE-2023-22731
was published
for
shopware/core
(Composer)
Jan 17, 2023
Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina
Critical
CVE-2023-23619
was published
for
@asyncapi/modelina
(npm)
Sep 21, 2021
Embedded Malicious Code in node-ipc
Critical
CVE-2022-23812
was published
for
node-ipc
(npm)
Mar 16, 2022
A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to...
Critical
Unreviewed
CVE-2022-26174
was published
Mar 23, 2022
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
Critical
Unreviewed
CVE-2022-25578
was published
Mar 20, 2022
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute...
Critical
Unreviewed
CVE-2022-26272
was published
Mar 26, 2022
Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE)...
Critical
Unreviewed
CVE-2022-26205
was published
Mar 28, 2022
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload...
Critical
Unreviewed
CVE-2022-26255
was published
Mar 29, 2022
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a...
Critical
Unreviewed
CVE-2022-26198
was published
Mar 28, 2022
Web Media Extensions Remote Code Execution Vulnerability
Critical
Unreviewed
CVE-2021-43214
was published
Dec 16, 2021
Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability
Critical
Unreviewed
CVE-2021-43899
was published
Dec 16, 2021
Bot Framework SDK Remote Code Execution Vulnerability
Critical
Unreviewed
CVE-2021-43225
was published
Dec 16, 2021
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE...
Critical
Unreviewed
CVE-2021-42310
was published
Dec 16, 2021
fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for...
Critical
Unreviewed
CVE-2020-15591
was published
Mar 18, 2022
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability...
Critical
Unreviewed
CVE-2022-22954
was published
Apr 12, 2022
There is a logic bypass vulnerability in smartphones. Successful exploitation of this...
Critical
Unreviewed
CVE-2021-22430
was published
Feb 26, 2022
ProTip!
Advisories are also available from the
GraphQL API