GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
Arbitrary Code Execution in mathjs
Critical
CVE-2017-1001003
was published
for
mathjs
(npm)
Dec 18, 2017
Prototype Pollution in mixin-deep
Critical
CVE-2019-10746
was published
for
mixin-deep
(npm)
Aug 27, 2019
Command injection in nodemailer
Critical
CVE-2020-7769
was published
for
nodemailer
(npm)
May 10, 2021
Dragonfly contains remote code execution vulnerability
Critical
CVE-2021-33564
was published
for
dragonfly
(RubyGems)
Jun 2, 2021
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Critical
CVE-2021-21386
was published
for
APKLeaks
(pip)
Jan 21, 2022
Arbitrary code execution in H2 Console
Critical
CVE-2022-23221
was published
for
com.h2database:h2
(Maven)
Jan 21, 2022
Command Injection Vulnerability with Mercurial in VCS
Critical
CVE-2022-21235
was published
for
github.com/Masterminds/vcs
(Go)
Apr 1, 2022
Command injection in git-interface
Critical
CVE-2022-1440
was published
for
git-interface
(npm)
Apr 23, 2022
Argument injection in python-libnmap
Critical
CVE-2022-30284
was published
for
python-libnmap
(pip)
May 6, 2022
Arbitrary file write in dragonfly
Critical
CVE-2021-33473
was published
for
dragonfly
(RubyGems)
Jun 3, 2022
Apache Hadoop argument injection vulnerability
Critical
CVE-2022-25168
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Aug 5, 2022
Gitea vulnerable to Argument Injection
Critical
CVE-2022-42968
was published
for
github.com/go-gitea/gitea
(Go)
Oct 16, 2022
Code execution in Embedchain
Critical
CVE-2024-23731
was published
for
embedchain
(pip)
Jan 21, 2024
HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
Critical
CVE-2024-3817
was published
for
github.com/hashicorp/go-getter
(Go)
Apr 17, 2024
github.com/gogs/gogs affected by CVE-2024-39930
Critical
CVE-2024-39930
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
ProTip!
Advisories are also available from the
GraphQL API