GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
344 advisories
Filter by severity
Failure to sanitize quotes which can lead to sql injection in squel
Critical
GHSA-4qhx-g9wp-g9m6
was published
for
squel
(npm)
Jun 14, 2019
Remote Code Execution in Angular Expressions
High
CVE-2020-5219
was published
for
angular-expressions
(npm)
Jan 24, 2020
Link injection in SimpleSAMLphp
Low
GHSA-2r3v-q9x3-7g46
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
HTTP Response Splitting in Styx
Moderate
CVE-2020-6858
was published
for
com.hotels.styx:styx-api
(Maven)
Mar 3, 2020
Remote Code Execution (RCE) vulnerability in dropwizard-validation
High
CVE-2020-11002
was published
for
io.dropwizard:dropwizard-validation
(Maven)
Apr 10, 2020
CSS Injection in Chartkick gem
Moderate
CVE-2020-16254
was published
for
chartkick
(RubyGems)
Aug 12, 2020
Potential Command Injection in hubot-scripts
Critical
CVE-2013-7378
was published
for
hubot-scripts
(npm)
Aug 31, 2020
Remote Code Execution in esigate-core
Critical
CVE-2018-1000854
was published
for
org.esigate:esigate-core
(Maven)
Dec 21, 2018
Unexpected database bindings
High
GHSA-x7p5-p2c9-phvg
was published
for
illuminate/database
(Composer)
Feb 2, 2021
Authenticated remote code execution
Moderate
GHSA-pjj4-jjgc-h3r8
was published
for
shopware/platform
(Composer)
Mar 12, 2021
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
High
CVE-2020-15277
was published
for
baserproject/basercms
(Composer)
Oct 30, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Moderate
GHSA-35fr-h7jr-hh86
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 6, 2019
File upload local preview can run embedded scripts after user interaction
Moderate
GHSA-8796-gc9j-63rv
was published
for
matrix-react-sdk
(npm)
May 17, 2021
Arbitrary code execution in ExifTool
High
GHSA-4whq-r978-2x68
was published
for
exiftool-vendored
(npm)
May 4, 2021
Arbitrary Code Execution in json-ptr
High
GHSA-rrqv-vjrw-hrcr
was published
for
json-ptr
(npm)
May 26, 2021
CSV injection in Craft CMS
High
GHSA-xrpj-f9v6-2332
was published
for
craftcms/cms
(Composer)
Oct 4, 2021
•
withdrawn
io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection')
High
CVE-2019-17513
was published
for
io.ratpack:ratpack-core
(Maven)
Oct 21, 2019
Null Byte Injection in Plug.Static
High
CVE-2017-1000052
was published
for
plug
(Erlang)
Apr 12, 2022
Injection in DeltaSpike
Moderate
CVE-2019-12416
was published
for
org.apache.deltaspike:deltaspike
(Maven)
Feb 10, 2022
ExifTool vulnerable to arbitrary code execution
High
GHSA-q95h-cqrv-8jv5
was published
for
exiftool_vendored
(RubyGems)
Jan 20, 2023
Apache Superset vulnerable to Injection
Moderate
CVE-2022-43720
was published
for
apache-superset
(pip)
Jan 16, 2023
Command injection in Parse Server through prototype pollution
Critical
CVE-2022-24760
was published
for
parse-server
(npm)
Mar 11, 2022
Injection in MockServer
Moderate
CVE-2021-32827
was published
for
org.mock-server:mockserver
(Maven)
Aug 30, 2021
ProTip!
Advisories are also available from the
GraphQL API