GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
69 advisories
Filter by severity
Denial of Service and Content Injection in i18n-node-angular
High
CVE-2016-10524
was published
for
i18n-node-angular
(npm)
Feb 18, 2019
Failure to sanitize quotes which can lead to sql injection in squel
Critical
GHSA-4qhx-g9wp-g9m6
was published
for
squel
(npm)
Jun 14, 2019
Prototype Pollution in handlebars
Critical
CVE-2019-19919
was published
for
bootstrap-wysihtml5-rails
(RubyGems)
Dec 26, 2019
Remote Code Execution in Angular Expressions
High
CVE-2020-5219
was published
for
angular-expressions
(npm)
Jan 24, 2020
Potential Command Injection in hubot-scripts
Critical
CVE-2013-7378
was published
for
hubot-scripts
(npm)
Aug 31, 2020
Potential Command Injection in libnotify
Critical
CVE-2013-7381
was published
for
libnotify
(npm)
Aug 31, 2020
Processing untrusted theming resources might execute arbitrary code (ACE)
High
CVE-2021-21316
was published
for
less-openui5
(npm)
Jan 29, 2021
Angular Expressions - Remote Code Execution
High
CVE-2021-21277
was published
for
angular-expressions
(npm)
Feb 1, 2021
Command injection in samba-client
Critical
CVE-2021-27185
was published
for
samba-client
(npm)
Feb 11, 2021
Remote code execution via the `pretty` option.
High
CVE-2021-21353
was published
for
pug
(npm)
Mar 3, 2021
Command Injection in macfromip
Critical
CVE-2020-7786
was published
for
macfromip
(npm)
Apr 12, 2021
Command injection in spritesheet-js
Critical
CVE-2020-7782
was published
for
spritesheet-js
(npm)
Apr 13, 2021
LDAP Injection in is-user-valid
High
CVE-2021-23335
was published
for
is-user-valid
(npm)
Apr 13, 2021
Arbitrary code execution in ExifTool
High
GHSA-4whq-r978-2x68
was published
for
exiftool-vendored
(npm)
May 4, 2021
Injection and Cross-site Scripting in osm-static-maps
High
CVE-2020-7749
was published
for
osm-static-maps
(npm)
May 10, 2021
Arbitrary Code Execution in json-ptr
High
CVE-2020-7766
was published
for
json-ptr
(npm)
May 10, 2021
File upload local preview can run embedded scripts after user interaction
Moderate
GHSA-8796-gc9j-63rv
was published
for
matrix-react-sdk
(npm)
May 17, 2021
Injection and Command Injection in devcert
High
CVE-2020-8186
was published
for
devcert
(npm)
May 18, 2021
Arbitrary Code Execution in json-ptr
High
GHSA-rrqv-vjrw-hrcr
was published
for
json-ptr
(npm)
May 26, 2021
Parse Server crashes with query parameter
High
CVE-2021-39187
was published
for
parse-server
(npm)
Sep 2, 2021
Command Injection in compass-compile
Critical
CVE-2020-7635
was published
for
compass-compile
(npm)
Dec 9, 2021
ProTip!
Advisories are also available from the
GraphQL API