GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
220 advisories
Remote Code Execution in esigate-core
Critical. CVE-2018-1000854 was published for org.esigate:esigate-core (Maven) on Dec 21, 2018.

Failure to sanitize quotes which can lead to SQL injection in squel
Critical. GHSA-4qhx-g9wp-g9m6 was published for squel (npm) on Jun 14, 2019.

Remote code execution via vulnerable Symphony dependency injection
Critical. CVE-2019-8135 was published for magento/community-edition (Composer) on Nov 12, 2019.

Prototype Pollution in handlebars
Critical. CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) on Dec 26, 2019.

Potential Code Injection in Sprout Forms
Critical. CVE-2020-11056 was published for barrelstrength/sprout-base-email (Composer) on May 8, 2020.

Remote Code Execution in SyliusResourceBundle
Critical. CVE-2020-15146 was published for sylius/resource-bundle (Composer) on Aug 19, 2020.

Potential Command Injection in hubot-scripts
Critical. CVE-2013-7378 was published for hubot-scripts (npm) on Aug 31, 2020.

Potential Command Injection in libnotify
Critical. CVE-2013-7381 was published for libnotify (npm) on Aug 31, 2020.

Remote Code Execution in Apache Synapse
Critical. CVE-2017-15708 was published for org.apache.synapse:synapse-core (Maven) on Nov 4, 2020.

Template injection in cron-utils
Critical. CVE-2020-26238 was published for com.cronutils:cron-utils (Maven) on Nov 24, 2020.

Command injection in samba-client
Critical. CVE-2021-27185 was published for samba-client (npm) on Feb 11, 2021.

Command Injection in macfromip
Critical. CVE-2020-7786 was published for macfromip (npm) on Apr 12, 2021.

Command injection in spritesheet-js
Critical. CVE-2020-7782 was published for spritesheet-js (npm) on Apr 13, 2021.

pwntools Server-Side Template Injection (SSTI) vulnerability
Critical. CVE-2020-28468 was published for pwntools (pip) on Apr 20, 2021.

Craft CMS Remote Code Injection
Critical. CVE-2021-27903 was published for craftcms/cms (Composer) on Jul 2, 2021.

Code injection in topthink/think
Critical. CVE-2020-17952 was published for topthink/think (Composer) on Aug 9, 2021.

Expression injection in AviatorScript
Critical. CVE-2021-41862 was published for com.googlecode.aviator:aviator (Maven) on Oct 4, 2021.

Command injection leading to Remote Code Execution in Apache Storm
Critical. CVE-2021-38294 was published for org.apache.storm:storm (Maven) on Oct 27, 2021.

There is a Parameter injection vulnerability in Huawei Smartphone. Successful exploitation of this...
Critical, Unreviewed. CVE-2021-37040 was published on Dec 9, 2021.

Command Injection in compass-compile
Critical. CVE-2020-7635 was published for compass-compile (npm) on Dec 9, 2021.

An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the -...
Critical, Unreviewed. CVE-2021-44042 was published on Dec 15, 2021.

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could...
Critical, Unreviewed. CVE-2021-45092 was published on Dec 17, 2021.

RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely
Critical, Unreviewed. CVE-2021-43439 was published on Dec 21, 2021.

An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted...
Critical, Unreviewed. CVE-2020-20601 was published on Dec 24, 2021.