Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,677 advisories

Loading
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection Critical
CVE-2020-28502 was published for xmlhttprequest (npm) May 4, 2021
Remote code execution in handlebars when compiling templates Critical
CVE-2021-23369 was published for handlebars (Maven) May 6, 2021
westonsteimel
Credited to westonsteimel
Command Injection in lodash High
CVE-2021-23337 was published for lodash (RubyGems) May 6, 2021
mitchell-codecov nitaiapiiro
ebickle G-Rath
Credited to mitchell-codecov, nitaiapiiro, ebickle, and G-Rath
Arbitrary Code Execution in underscore Critical
CVE-2021-23358 was published for underscore (npm) May 6, 2021
rajuc075
Credited to rajuc075
Withdrawn: Arbitrary Code Execution in static-eval Critical
CVE-2021-23334 was published for static-eval (npm) May 6, 2021 withdrawn
Code injection in blamer High
CVE-2020-8137 was published for blamer (npm) May 6, 2021
Arbitrary Code Execution in shiba High
CVE-2020-7738 was published for shiba (npm) May 10, 2021
Improper Input Validation and Code Injection in pdf-image High
CVE-2020-8132 was published for pdf-image (npm) May 10, 2021
Insecure template handling in express-hbs Moderate
CVE-2021-32817 was published for express-hbs (npm) May 17, 2021
richardfan0606
Credited to richardfan0606
Code Injection in mosc High
CVE-2020-7672 was published for mosc (npm) May 17, 2021
Code Injection in cd-messenger Critical
CVE-2020-7675 was published for cd-messenger (npm) May 17, 2021
Improper Input Validation in access-policy Critical
CVE-2020-7674 was published for access-policy (npm) May 17, 2021
Code Injection in node-extend Critical
CVE-2020-7673 was published for node-extend (npm) May 17, 2021
Script injection without script or programming rights through Gadget titles High
CVE-2021-32621 was published for org.xwiki.commons:xwiki-commons-core (Maven) May 18, 2021
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
decsecre583
Credited to decsecre583
Dragonfly contains remote code execution vulnerability Critical
CVE-2021-33564 was published for dragonfly (RubyGems) Jun 2, 2021
Remote Command Execution in reg-keygen-git-hash-plugin High
CVE-2021-32673 was published for reg-keygen-git-hash-plugin (npm) Jun 8, 2021
progfay
Credited to progfay
Denial of service in Valine Moderate
CVE-2021-34801 was published for valine (npm) Jun 21, 2021
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows High
CVE-2021-34551 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
Code injection in Narou High
CVE-2021-35514 was published for narou (RubyGems) Jul 2, 2021
Craft CMS Remote Code Injection Critical
CVE-2021-27903 was published for craftcms/cms (Composer) Jul 2, 2021
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality Moderate
CVE-2021-32809 was published for ckeditor4 (npm) Aug 23, 2021
PHP file inclusion via insert tags Moderate
CVE-2021-37626 was published for contao/contao (Composer) Aug 23, 2021
ausi
Credited to ausi
Code injection issue for java-spring-cloud-stream-template High
CVE-2021-37694 was published for @asyncapi/java-spring-cloud-stream-template (npm) Aug 25, 2021
jonaslagoni
Credited to jonaslagoni
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-39144 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database