Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,016 advisories

Loading
ejs template injection vulnerability Critical
CVE-2022-29078 was published for ejs (npm) Apr 26, 2022
Command injection in git-interface Critical
CVE-2022-1440 was published for git-interface (npm) Apr 23, 2022
lirantal
Command injection in npm-dependency-versions Critical
CVE-2022-29080 was published for npm-dependency-versions (npm) Apr 13, 2022
p-w
Unrestricted Upload of File with Dangerous Type in Strapi Critical
CVE-2022-27263 was published for strapi (npm) Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in ButterCMS Critical
CVE-2022-27260 was published for buttercms (npm) Apr 13, 2022
Arbitrary file upload in Ghost Critical
CVE-2022-27139 was published for ghost (npm) Apr 13, 2022
Arbitrary file upload in Ghost Critical
CVE-2022-28397 was published for ghost (npm) Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in Payload Critical
CVE-2022-27952 was published for payload (npm) Apr 13, 2022
Insecure default value for CORS configuration Critical
CVE-2022-26969 was published for directus (npm) Apr 5, 2022
Prototype Pollution in simple-plist Critical
CVE-2022-26260 was published for simple-plist (npm) Mar 23, 2022
radiotech TuurDutoit
Prototype Pollution in Sails.js Critical
CVE-2021-44908 was published for sails (npm) Mar 18, 2022
Arbitrary code execution in post-loader Critical
CVE-2022-0748 was published for post-loader (npm) Mar 18, 2022
Prototype Pollution in set-in Critical
CVE-2022-25354 was published for set-in (npm) Mar 18, 2022
Prototype Pollution in libnested Critical
CVE-2022-25352 was published for libnested (npm) Mar 18, 2022
Prototype Pollution in minimist Critical
CVE-2021-44906 was published for minimist (npm) Mar 18, 2022
alopix ljharb
Embedded Malicious Code in node-ipc Critical
CVE-2022-23812 was published for node-ipc (npm) Mar 16, 2022
Command injection in Parse Server through prototype pollution Critical
CVE-2022-24760 was published for parse-server (npm) Mar 11, 2022
yuske cristianstaicu
musard mtrezza
OS Command Injection in GenieACS Critical
CVE-2021-46704 was published for genieacs (npm) Mar 7, 2022
OS Command injection in npm-lockfile Critical
CVE-2022-0841 was published for npm-lockfile (npm) Mar 4, 2022
ljharb
Authorization Bypass Through User-Controlled Key in url-parse Critical
CVE-2022-0686 was published for url-parse (npm) Feb 21, 2022
Prototype Pollution in object-extend Critical
CVE-2021-23702 was published for object-extend (npm) Feb 19, 2022
Prototype pollution in Plist before 3.0.5 can cause denial of service Critical
CVE-2022-22912 was published for plist (npm) Feb 18, 2022
mario-canva
Prototype Pollution in litespeed.js and appwrite/server-ce Critical
CVE-2021-23682 was published for appwrite/server-ce (Composer) Feb 17, 2022
Sandbox bypass in vm2 Critical
CVE-2021-23555 was published for vm2 (npm) Feb 12, 2022
Prototype Pollution in mixme Critical
CVE-2021-28860 was published for mixme (npm) Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database