GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
48 advisories
Filter by severity
Potential for Script Injection in syntax-error
High
CVE-2014-7192
was published
for
syntax-error
(npm)
Oct 24, 2017
xterm vulnerable to remote code execution
High
CVE-2019-0542
was published
for
xterm
(npm)
Jan 14, 2019
Remote Code Execution in node-os-utils
High
GHSA-j9f8-8h89-j69x
was published
for
node-os-utils
(npm)
Jun 11, 2019
Command Injection in wiki-plugin-datalog
High
GHSA-pm52-wwrw-c282
was published
for
wiki-plugin-datalog
(npm)
Jun 13, 2019
Command injection in node-dns-sync
High
CVE-2020-11079
was published
for
dns-sync
(npm)
May 28, 2020
Sandbox Breakout / Arbitrary Code Execution in static-eval
High
GHSA-x9hc-rw35-f44h
was published
for
static-eval
(npm)
Sep 2, 2020
Arbitrary JavaScript Execution in typed-function
High
CVE-2017-1001004
was published
for
typed-function
(npm)
Sep 2, 2020
Arbitrary Code Execution in handlebars
High
GHSA-2cf5-4w76-r9qv
was published
for
handlebars
(npm)
Sep 4, 2020
Angular Expressions - Remote Code Execution
High
CVE-2021-21277
was published
for
angular-expressions
(npm)
Feb 1, 2021
Code Injection in script-manager
High
CVE-2020-8129
was published
for
script-manager
(npm)
Apr 13, 2021
Code Injection in oauth2-server
High
CVE-2017-18924
was published
for
oauth2-server
(npm)
Apr 22, 2021
Improper Input Validation and Code Injection in pdf-image
High
CVE-2020-8132
was published
for
pdf-image
(npm)
May 10, 2021
Remote Command Execution in reg-keygen-git-hash-plugin
High
CVE-2021-32673
was published
for
reg-keygen-git-hash-plugin
(npm)
Jun 8, 2021
Code injection issue for java-spring-cloud-stream-template
High
CVE-2021-37694
was published
for
@asyncapi/java-spring-cloud-stream-template
(npm)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API