GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

225 advisories

Craft CMS Remote Code Injection Critical
CVE-2021-27903 was published for craftcms/cms (Composer) Jul 2, 2021
Dragonfly contains remote code execution vulnerability Critical
CVE-2021-33564 was published for dragonfly (RubyGems) Jun 2, 2021
Code Injection in node-extend Critical
CVE-2020-7673 was published for node-extend (npm) May 17, 2021
Improper Input Validation in access-policy Critical
CVE-2020-7674 was published for access-policy (npm) May 17, 2021
Code Injection in cd-messenger Critical
CVE-2020-7675 was published for cd-messenger (npm) May 17, 2021
Withdrawn: Arbitrary Code Execution in static-eval Critical
CVE-2021-23334 was published for static-eval (npm) May 6, 2021 withdrawn
Arbitrary Code Execution in underscore Critical
CVE-2021-23358 was published for underscore (npm) May 6, 2021
rajuc075
Remote code execution in handlebars when compiling templates Critical
CVE-2021-23369 was published for handlebars (Maven) May 6, 2021
westonsteimel
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection Critical
CVE-2020-28502 was published for xmlhttprequest (npm) May 4, 2021
Arbitrary code execution in djv Critical
CVE-2020-28464 was published for djv (npm) Apr 13, 2021
Unauthenticated remote code execution in Ignition Critical
CVE-2021-3129 was published for facade/ignition (Composer) Mar 29, 2021
total.js Remote Code Execution Vulnerability Critical
CVE-2021-23344 was published for total.js (npm) Mar 19, 2021
Code injection in nobelprizeparser Critical
GHSA-4wv4-mgfq-598v was published for nobelprizeparser (npm) Mar 12, 2021
PHP Code Injection by malicious function name in smarty Critical
CVE-2021-26120 was published for smarty/smarty (Composer) Feb 26, 2021
stevenseeley
Unsafe eval() in summit allows arbitrary code execution Critical
CVE-2017-16020 was published for summit (npm) Sep 1, 2020
Sandbox Breakout / Arbitrary Code Execution in safe-eval Critical
CVE-2020-7710 was published for safe-eval (npm) Aug 25, 2020
Arbitrary shell command execution in logkitty Critical
CVE-2020-8149 was published for logkitty (npm) Jun 5, 2020
Potential Code Injection in Sprout Forms Critical
CVE-2020-11056 was published for barrelstrength/sprout-base-email (Composer) May 8, 2020
llamaonsecurity
Command Injection in hot-formula-parser Critical
CVE-2020-6836 was published for hot-formula-parser (npm) May 6, 2020
Command Injection in node-df Critical
CVE-2019-15597 was published for node-df (npm) Feb 14, 2020
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10769 was published for safer-eval (npm) Dec 11, 2019
Symfony Unsafe Cache Serialization Could Enable RCE Critical
CVE-2019-18889 was published for symfony/cache (Composer) Dec 2, 2019
Eval injection in Supybot/Limnoria Critical
CVE-2019-19010 was published for limnoria (pip) Nov 20, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10759 was published for safer-eval (npm) Oct 21, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10760 was published for safer-eval (npm) Oct 17, 2019
ProTip! Advisories are also available from the GraphQL API