GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,768 advisories
Filter by severity
Code injection in RubyGems
High
CVE-2019-8324
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
Command Injection in wiki-plugin-datalog
High
GHSA-pm52-wwrw-c282
was published
for
wiki-plugin-datalog
(npm)
Jun 13, 2019
Remote Code Execution in node-os-utils
High
GHSA-j9f8-8h89-j69x
was published
for
node-os-utils
(npm)
Jun 11, 2019
Bootstrap-sass contains code execution backdoor
Critical
CVE-2019-10842
was published
for
bootstrap-sass
(RubyGems)
Apr 4, 2019
Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client
High
CVE-2019-0222
was published
for
org.apache.activemq:activemq-client
(Maven)
Apr 2, 2019
ipycache is vulnerable to Code Injection
Critical
CVE-2019-7539
was published
for
ipycache
(pip)
Mar 25, 2019
Potential Command Injection in shell-quote
Critical
CVE-2016-10541
was published
for
shell-quote
(npm)
Feb 18, 2019
xterm vulnerable to remote code execution
High
CVE-2019-0542
was published
for
xterm
(npm)
Jan 14, 2019
sqla-yaml-fixtures is vulnerable to Code Injection
High
CVE-2019-3575
was published
for
sqla-yaml-fixtures
(pip)
Jan 4, 2019
Code injection in Danijar Definitions
High
CVE-2018-20325
was published
for
definitions
(pip)
Dec 26, 2018
Spring Security OAuth vulnerable to remote code execution (RCE)
Critical
CVE-2018-1260
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 18, 2018
Improperly Implemented Security Check for Standard in org.springframework:spring-core
Critical
CVE-2018-1275
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Spring Framework allows applications to expose STOMP over WebSocket endpoints
Critical
CVE-2018-1270
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Spring Data Commons remote code injection vulnerability
Critical
CVE-2018-1273
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
Arbitrary Code Injection in pouchdb
Critical
CVE-2016-10546
was published
for
pouchdb
(npm)
Jul 26, 2018
Chromium Remote Code Execution in electron
Critical
CVE-2017-16151
was published
for
electron
(npm)
Jul 24, 2018
django_make_app is vulnerable to Code Injection
Critical
CVE-2017-16764
was published
for
django_make_app
(pip)
Jul 13, 2018
ProTip!
Advisories are also available from the
GraphQL API