GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
dns-sync command injection vulnerability
Critical
CVE-2014-9682
was published
for
dns-sync
(npm)
Oct 24, 2017
keycloak-connect and keycloak-js improperly handle invalid tokens
Critical
CVE-2017-7474
was published
for
keycloak-connect
(npm)
Nov 15, 2017
Code Execution through IIFE in node-serialize
Critical
CVE-2017-5941
was published
for
node-serialize
(npm)
Jul 18, 2018
Critical severity vulnerability that affects dns-sync
Critical
GHSA-wxvm-fh75-mpgr
was published
for
dns-sync
(npm)
Jul 26, 2018
•
withdrawn
OS Command Injection in async-git
Critical
CVE-2021-3190
was published
for
async-git
(npm)
Jan 29, 2021
Command injection in samba-client
Critical
CVE-2021-27185
was published
for
samba-client
(npm)
Feb 11, 2021
total.js Remote Code Execution Vulnerability
Critical
CVE-2021-23344
was published
for
total.js
(npm)
Mar 19, 2021
Client TLS credentials sent raw to server in npm package nats
Critical
GHSA-prmc-5v5w-c465
was published
for
nats
(npm)
Apr 6, 2021
Command injection in eslint-fixer
Critical
CVE-2021-26275
was published
for
eslint-fixer
(npm)
Apr 13, 2021
Improper Certificate Validation in xmlhttprequest-ssl
Critical
CVE-2021-31597
was published
for
xmlhttprequest-ssl
(npm)
May 24, 2021
Prototype pollution in Merge-deep
Critical
CVE-2021-26707
was published
for
merge-deep
(npm)
Jun 7, 2021
Improper Verification of Cryptographic Signature
Critical
CVE-2021-32685
was published
for
tenvoy
(npm)
Jun 21, 2021
OS Command Injection in node-opencv
Critical
CVE-2019-10061
was published
for
opencv
(npm)
Oct 12, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical
CVE-2021-43571
was published
for
starkbank-ecdsa
(npm)
Nov 10, 2021
Command Injection in node-windows
Critical
CVE-2021-45459
was published
for
node-windows
(npm)
Jan 5, 2022
Code injection in @rkesters/gnuplot
Critical
CVE-2021-29369
was published
for
@rkesters/gnuplot
(npm)
Feb 10, 2022
Command injection in Parse Server through prototype pollution
Critical
CVE-2022-24760
was published
for
parse-server
(npm)
Mar 11, 2022
Command injection in npm-dependency-versions
Critical
CVE-2022-29080
was published
for
npm-dependency-versions
(npm)
Apr 13, 2022
ejs template injection vulnerability
Critical
CVE-2022-29078
was published
for
ejs
(npm)
Apr 26, 2022
Node-Traceroute RCE Vulnerability
Critical
CVE-2018-21268
was published
for
traceroute
(npm)
May 24, 2022
Improper Neutralization of Special Elements used in a Command in Shell-quote
Critical
CVE-2021-42740
was published
for
shell-quote
(npm)
May 24, 2022
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding
Critical
CVE-2022-32213
was published
for
llhttp
(npm)
Jul 15, 2022
ProTip!
Advisories are also available from the
GraphQL API