Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

268 advisories

Loading
Command Injection in wiki-plugin-datalog High
GHSA-pm52-wwrw-c282 was published for wiki-plugin-datalog (npm) Jun 13, 2019
Remote Code Execution in node-os-utils High
GHSA-j9f8-8h89-j69x was published for node-os-utils (npm) Jun 11, 2019
Potential for Script Injection in syntax-error High
CVE-2014-7192 was published for syntax-error (npm) Oct 24, 2017
RDIL
Sandbox Breakout / Arbitrary Code Execution in static-eval High
GHSA-x9hc-rw35-f44h was published for static-eval (npm) Sep 2, 2020
Arbitrary Code Generation High
CVE-2020-15142 was published for openapi-python-client (pip) Aug 20, 2020
emann dtkav
dbanty westonsteimel
Arbitrary JavaScript Execution in typed-function High
CVE-2017-1001004 was published for typed-function (npm) Sep 2, 2020
Code injection in FreeIPA High
CVE-2019-14867 was published for ipa (pip) Dec 6, 2021
Code injection in Narou High
CVE-2021-35514 was published for narou (RubyGems) Jul 2, 2021
Server-side Template Injection in nystudio107/craft-seomatic High
CVE-2021-44618 was published for nystudio107/craft-seomatic (Composer) Mar 12, 2022
Static Code Injection in Microweber High
CVE-2022-0895 was published for microweber/microweber (Composer) Mar 11, 2022
Code Injection in CRI-O High
CVE-2022-0811 was published for github.com/cri-o/cri-o (Go) Mar 15, 2022
Code injection in accesslog High
CVE-2022-25760 was published for accesslog (npm) Mar 18, 2022
Code Injection in Bolt CMS High
CVE-2021-40219 was published for bolt/core (Composer) Apr 12, 2022
PHPMailer susceptible to arbitrary code execution High
CVE-2008-5619 was published for phpmailer/phpmailer (Composer) May 14, 2022
jhutchings1
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
Prototype pollution in dojo High
CVE-2020-5258 was published for dojo (npm) Mar 10, 2020
Improper Control of Generation of Code in doT High
CVE-2020-8141 was published for dot (npm) May 24, 2022
PHP Code Injection by malicious block or filename in Smarty High
CVE-2022-29221 was published for smarty/smarty (Composer) May 25, 2022
altm4n
Code injection via SVG file in convert-svg-core High
CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
Code injection in Elefant CMS High
CVE-2017-20064 was published for elefant/cms (Composer) Jun 21, 2022
Code injection in grav High
CVE-2022-2073 was published for getgrav/grav (Composer) Jun 30, 2022
Akeneo PIM Community Edition vulnerable to remote php code execution High
CVE-2022-46157 was published for akeneo/pim-community-dev (Composer) Dec 9, 2022
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
Grav's Twig processing allowing dangerous PHP functions by default High
CVE-2021-29440 was published for getgrav/grav (Composer) Apr 16, 2021
thomas-chauchefoin-sonarsource
October CMS Safe Mode bypass leads to authenticated Remote Code Execution High
CVE-2022-35944 was published for october/system (Composer) Oct 13, 2022
cydave daftspunk
ProTip! Advisories are also available from the GraphQL API