GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
76 advisories
Filter by severity
actionpack CRLF injection vulnerability
Moderate
CVE-2011-3186
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Arbitrary Code Injection in mobile-icon-resizer
Moderate
GHSA-mxjr-xmcg-fg7w
was published
for
mobile-icon-resizer
(npm)
Jun 27, 2019
Object injection in cookie driver in phpfastcache
Moderate
CVE-2019-16774
was published
for
phpfastcache/phpfastcache
(Composer)
Dec 12, 2019
Arbitrary Code Execution in blazar-dashboard
Moderate
CVE-2020-26943
was published
for
blazar-dashboard
(pip)
Oct 27, 2020
XStream is vulnerable to a Remote Command Execution attack
Moderate
CVE-2021-21345
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
Moderate
CVE-2020-10684
was published
for
ansible
(pip)
Apr 7, 2021
Insecure template handling in express-hbs
Moderate
CVE-2021-32817
was published
for
express-hbs
(npm)
May 17, 2021
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
Moderate
CVE-2021-32809
was published
for
ckeditor4
(npm)
Aug 23, 2021
PHP file inclusion via insert tags
Moderate
CVE-2021-37626
was published
for
contao/contao
(Composer)
Aug 23, 2021
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs
Moderate
CVE-2021-32822
was published
for
hbs
(npm)
Sep 2, 2021
Code Injection in SLO Generator
Moderate
CVE-2021-22557
was published
for
slo-generator
(pip)
Oct 5, 2021
Code injection in `saved_model_cli`
Moderate
CVE-2021-41228
was published
for
tensorflow
(pip)
Nov 10, 2021
vault-cli contains possible RCE when reading user-defined data
Moderate
CVE-2021-43837
was published
for
vault-cli
(pip)
Dec 16, 2021
Mortbay Jetty CRLF Injection Vulnerability
Moderate
CVE-2007-5615
was published
for
org.mortbay.jetty:jetty
(Maven)
May 1, 2022
Robocode Arbitrary Code Execution
Moderate
CVE-2007-6382
was published
for
net.sf.robocode:robocode.core
(Maven)
May 1, 2022
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
Moderate
CVE-2012-0394
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 4, 2022
Improper Control of Generation of Code in Apache Kafka
Moderate
CVE-2018-1288
was published
for
org.apache.kafka:kafka
(Maven)
May 13, 2022
Moodle Authenticated Spelling Binary Remote Code Execution
Moderate
CVE-2013-3630
was published
for
moodle/moodle
(Composer)
May 13, 2022
Securimage HTML Injection
Moderate
CVE-2017-14077
was published
for
dapphp/securimage
(Composer)
May 13, 2022
Apache Tomcat Unrestricted file upload vulnerability
Moderate
CVE-2013-4444
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Moodle remote code execution via quiz questions
Moderate
CVE-2014-3545
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API