Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

694 advisories

Loading
Code injection in dolibarr/dolibarr High
CVE-2022-0819 was published for dolibarr/dolibarr (Composer) Mar 3, 2022
Remote CLI Command Execution Vulnerability in CodeIgniter4 Critical
CVE-2022-24711 was published for codeigniter4/framework (Composer) Mar 1, 2022
iRedds
Gitea Remote Code Execution (RCE) Critical
CVE-2018-18926 was published for code.gitea.io/gitea (Go) Feb 15, 2022
Gitea Remote Code Execution High
CVE-2019-11229 was published for github.com/go-gitea/gitea (Go) Feb 15, 2022
Git LFS can execute a Git binary from the current directory on Windows High
CVE-2021-21237 was published for github.com/git-lfs/git-lfs (Go) Feb 15, 2022
Ry0taK
Apache Cassandra vulnerable to Code Injection due to unsafe configuration Critical
CVE-2021-44521 was published for org.apache.cassandra:cassandra-all (Maven) Feb 12, 2022
Insecure template handling in Express-handlebars High
CVE-2021-32820 was published for express-handlebars (npm) Feb 10, 2022
Code injection in Twig High
CVE-2022-23614 was published for twig/twig (Composer) Feb 10, 2022
Arbitrary Code Execution in Handlebars High
CVE-2019-20920 was published for handlebars (npm) Feb 10, 2022
Code Injection in jsen High
CVE-2020-7777 was published for jsen (npm) Feb 10, 2022
Remote code execution in Apache Struts Critical
CVE-2020-17530 was published for org.apache.struts:struts2-core (Maven) Feb 9, 2022
Prototype Pollution leading to Remote Code Execution in superjson Critical
CVE-2022-23631 was published for blitz (npm) Feb 9, 2022
paul-gerste-sonarsource
Remote code execution in Apache ActiveMQ Critical
CVE-2020-11998 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
Joplin Vulnerable to Code Injection Critical
CVE-2022-23340 was published for joplin (npm) Feb 9, 2022
Code injection in ShenYu Critical
CVE-2021-45029 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
Withdrawn: Code Injection in loguru Low
CVE-2022-0329 was published for loguru (pip) Jan 28, 2022 withdrawn
Server Side Twig Template Injection Critical
CVE-2022-21686 was published for prestashop/prestashop (Composer) Jan 27, 2022
Brum3ns
Mustache remote code injection vulnerability High
CVE-2022-0323 was published for mustache/mustache (Composer) Jan 27, 2022
Code Injection in microweber High
CVE-2022-0282 was published for microweber/microweber (Composer) Jan 21, 2022
october/system arbitrary code execution High
CVE-2021-32650 was published for october/system (Composer) Jan 14, 2022
sushiwushi
October/System authenticated file write leads to remote code execution High
CVE-2021-32649 was published for october/system (Composer) Jan 14, 2022
cydave
vault-cli contains possible RCE when reading user-defined data Moderate
CVE-2021-43837 was published for vault-cli (pip) Dec 16, 2021
ewjoachim
Code Injection in md-to-pdf. Critical
CVE-2021-23639 was published for md-to-pdf (npm) Dec 16, 2021
Code Injection in node-rules Critical
CVE-2020-7609 was published for node-rules (npm) Dec 10, 2021
Code Injection in total4 Critical
CVE-2021-23390 was published for total4 (npm) Dec 10, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database