GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
662 advisories
Filter by severity
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE...
Critical
Unreviewed
CVE-2021-43882
was published
Dec 16, 2021
Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability
Critical
Unreviewed
CVE-2021-43899
was published
Dec 16, 2021
Internally used text extraction reports allow an attacker to inject code that can be executed by...
Critical
Unreviewed
CVE-2021-44231
was published
Dec 15, 2021
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an...
Critical
Unreviewed
CVE-2021-44529
was published
Dec 9, 2021
Critical vulnerability found in cron-utils
Critical
CVE-2021-41269
was published
for
com.cronutils:cron-utils
(Maven)
Nov 15, 2021
Template injection in thymeleaf-spring5
Critical
CVE-2021-43466
was published
for
org.thymeleaf:thymeleaf-spring5
(Maven)
Nov 10, 2021
Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina
Critical
CVE-2023-23619
was published
for
@asyncapi/modelina
(npm)
Sep 21, 2021
Code injection in codiad
Critical
CVE-2019-19208
was published
for
codiad/codiad
(Composer)
Sep 1, 2021
remote code execution via git repo provider
Critical
CVE-2021-39159
was published
for
binderhub
(pip)
Aug 30, 2021
Craft CMS Remote Code Injection
Critical
CVE-2021-27903
was published
for
craftcms/cms
(Composer)
Jul 2, 2021
Dragonfly contains remote code execution vulnerability
Critical
CVE-2021-33564
was published
for
dragonfly
(RubyGems)
Jun 2, 2021
Code Injection in node-extend
Critical
CVE-2020-7673
was published
for
node-extend
(npm)
May 17, 2021
Improper Input Validation in access-policy
Critical
CVE-2020-7674
was published
for
access-policy
(npm)
May 17, 2021
Code Injection in cd-messenger
Critical
CVE-2020-7675
was published
for
cd-messenger
(npm)
May 17, 2021
Withdrawn: Arbitrary Code Execution in static-eval
Critical
CVE-2021-23334
was published
for
static-eval
(npm)
May 6, 2021
•
withdrawn
Arbitrary Code Execution in underscore
Critical
CVE-2021-23358
was published
for
underscore
(npm)
May 6, 2021
Remote code execution in handlebars when compiling templates
Critical
CVE-2021-23369
was published
for
handlebars
(Maven)
May 6, 2021
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
Critical
CVE-2020-28502
was published
for
xmlhttprequest
(npm)
May 4, 2021
Unauthenticated remote code execution in Ignition
Critical
CVE-2021-3129
was published
for
facade/ignition
(Composer)
Mar 29, 2021
total.js Remote Code Execution Vulnerability
Critical
CVE-2021-23344
was published
for
total.js
(npm)
Mar 19, 2021
Code injection in nobelprizeparser
Critical
GHSA-4wv4-mgfq-598v
was published
for
nobelprizeparser
(npm)
Mar 12, 2021
ProTip!
Advisories are also available from the
GraphQL API