Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

94 advisories

Loading
Ansible Code Injection Vulnerability Critical
CVE-2014-4678 was published for ansible (pip) May 24, 2022
Ansible Arbitrary Code Execution Critical
CVE-2014-4967 was published for ansible (pip) May 17, 2022
Ansible Arbitrary Code Execution Critical
CVE-2014-4966 was published for ansible (pip) May 17, 2022
Ankitects Anki arbitrary script execution vulnerability Critical
CVE-2024-26020 was published for anki (pip) Jul 22, 2024
bee-san
NASA AIT-Core vulnerable to remote code execution Critical
CVE-2024-35059 was published for ait-core (pip) May 21, 2024
Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection Critical
CVE-2021-43350 was published for github.com/apache/trafficcontrol (Go) May 24, 2022
willdurand/js-translation-bundle potential path traversal attack and remote code injection Critical
GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) Jun 7, 2024
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution Critical
GHSA-cc97-g92w-jm65 was published for typo3/cms-core (Composer) May 30, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-7336-ghhp-f2qj was published for shopware/shopware (Composer) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-q3g4-2vw9-xv27 was published for shopware/shopware (Composer) May 21, 2024
Server-Side Template Injection in formio Critical
CVE-2020-28246 was published for formio (npm) Jun 3, 2022
Codiad remote code execution vulnerability Critical
CVE-2018-14009 was published for codiad/codiad (Composer) May 13, 2022
Fat-Free Framework arbitrary code execution Critical
CVE-2020-5203 was published for bcosca/fatfree (Composer) May 24, 2022
CodeIgniter arbitrary code execution Critical
CVE-2016-10131 was published for codeigniter4/framework (Composer) May 17, 2022
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument Critical
CVE-2021-3197 was published for salt (pip) May 24, 2022
Arbitrary expression injection in Pillow Critical
CVE-2022-22817 was published for Pillow (pip) Jan 12, 2022
G-Rath
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability Critical
CVE-2014-4172 was published for DotNetCasClient (Composer) May 17, 2022
MarkLee131
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
Expression injection in AviatorScript Critical
CVE-2021-41862 was published for com.googlecode.aviator:aviator (Maven) Oct 4, 2021
joelteo-poloniex
Remote code execution via vulnerable Symphony dependecy injection Critical
CVE-2019-8135 was published for magento/community-edition (Composer) Nov 12, 2019
llama-index vulnerable to arbitrary code execution Critical
CVE-2023-39662 was published for llama-index (pip) Aug 15, 2023
KaliforniaShell
Remote Code Execution in SyliusResourceBundle Critical
CVE-2020-15146 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
npm package rfc6902 vulnerable to Prototype Pollution Critical
CVE-2021-4245 was published for rfc6902 (npm) Dec 15, 2022
Apache Derby: LDAP injection vulnerability in authenticator Critical
CVE-2022-46337 was published for org.apache.derby:derby (Maven) Nov 20, 2023
pdeslaur
Langchain SQL Injection vulnerability Critical
CVE-2023-32785 was published for langchain (pip) Oct 21, 2023
ProTip! Advisories are also available from the GraphQL API