GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

847 advisories

Arbitrary Command Injection Critical
CVE-2021-23399 was published for wincred (npm) Jun 29, 2021
keycloak Self Stored Cross-site Scripting vulnerability Critical
CVE-2021-20195 was published for org.keycloak:keycloak-core (Maven) Jun 8, 2021
Improper Input Validation in HashiCorp Vault Critical
CVE-2020-12757 was published for github.com/hashicorp/vault-plugin-secrets-gcp (Go) May 18, 2021
Prototype Pollution in locutus Critical
CVE-2020-7719 was published for locutus (npm) May 6, 2021
Validation bypass in jpv Critical
CVE-2020-17479 was published for jpv (npm) May 6, 2021
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain Critical
CVE-2021-30492 was published for zendesk/zendesk_api_client_php (Composer) Apr 29, 2021
Improper Input Validation in PyYAML Critical
CVE-2020-1747 was published for pyyaml (pip) Apr 20, 2021
Improper parsing of octal bytes in netmask Critical
CVE-2021-28918 was published for netmask (npm) Apr 14, 2021
Remote code execution in mongo-express Critical
CVE-2020-24391 was published for mongodb-query-parser (npm) Apr 13, 2021
Improper Input Validation in network-manager Critical
CVE-2019-10786 was published for network-manager (npm) Apr 13, 2021
Improper Input Validation in PyYAML Critical
CVE-2020-14343 was published for PyYAML (pip) Mar 25, 2021
Prefix escape Critical
CVE-2021-21321 was published for fastify-reply-from (npm) Mar 3, 2021
Potential Remote Code Execution in TYPO3 with mediace extension Critical
CVE-2020-15086 was published for friendsoftypo3/mediace (Composer) Jul 29, 2020
Remote code execution in Apache Commons Configuration Critical
CVE-2020-1953 was published for org.apache.commons:commons-configuration2 (Maven) May 21, 2020
Command Injection in npm-programmatic Critical
CVE-2020-7614 was published for npm-programmatic (npm) Apr 23, 2020
Negative charge in shopping cart in Shopizer Critical
CVE-2020-11007 was published for com.shopizer:sm-core-model (Maven) Apr 22, 2020
Improper Input Validation in Twisted Critical
CVE-2020-10108 was published for Twisted (pip) Mar 31, 2020
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10769 was published for safer-eval (npm) Dec 11, 2019
Critical severity vulnerability that affects slpjs Critical
CVE-2019-16762 was published for slpjs (npm) Nov 15, 2019
Validation Bypass in slp-validate Critical
CVE-2019-16761 was published for slp-validate (npm) Nov 15, 2019
Improper Input Validation in Automattic Mongoose Critical
CVE-2019-17426 was published for mongoose (npm) Oct 22, 2019
Improper Input Validation in simple_form Critical
CVE-2019-16676 was published for simple_form (RubyGems) Sep 30, 2019
Arbitrary Code Execution in eslint-utils Critical
CVE-2019-15657 was published for eslint-utils (npm) Aug 26, 2019
Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (npm) Jul 10, 2019
MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation Critical
CVE-2019-9845 was published for MadsKristensen.AspNetCore.Miniblog (NuGet) Jul 5, 2019