Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

148 advisories

Loading
SaltStack Salt Unauthenticated Remote Code Execution Critical
CVE-2020-11651 was published for salt (pip) May 24, 2022
papercrop does not properly handle crop input Critical
CVE-2015-2784 was published for papercrop (RubyGems) May 24, 2022
HashBrown CMS RCE Critical
CVE-2020-6948 was published for hashbrown-cms (npm) May 24, 2022
sr_freecap for Typo3 RCE Vulnerability Critical
CVE-2019-16699 was published for sjbr/sr-freecap (Composer) May 24, 2022
glot-code-runner RCE Critical
CVE-2018-15747 was published for github.com/prasmussen/glot-code-runner (Go) May 24, 2022
Ansible Remote Code Execution Critical
CVE-2014-4657 was published for ansible (pip) May 17, 2022
JGit Improper Input Validation vulnerability Critical
CVE-2014-9390 was published for mercurial (Maven) May 17, 2022
OpenStack Murano Code Execution Critical
CVE-2016-4972 was published for murano (pip) May 17, 2022
Remote Code Execution in Apache Struts Critical
CVE-2016-3082 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
Radicale vulnerable to arbitrary file read or write Critical
CVE-2015-8747 was published for Radicale (pip) May 17, 2022
Improper Input Validation in Jupyter Notebook Critical
CVE-2015-7337 was published for ipython (pip) May 17, 2022
Improper Input Validation in IpMatcher Critical
CVE-2021-33318 was published for IpMatcher (NuGet) May 17, 2022
Cobbler vulnerable to arbitrary code execution Critical
CVE-2017-1000469 was published for cobbler (pip) May 14, 2022
Apache NiFi XSS issue in context path handling Critical
CVE-2017-15697 was published for org.apache.nifi:nifi (Maven) May 14, 2022
Improper Input Validation in Deap Critical
CVE-2018-3749 was published for deap (npm) May 14, 2022
Shopware RCE Vulnerability Critical
CVE-2016-3109 was published for shopware/shopware (Composer) May 14, 2022
Elefant CMS Improper Input Validation Critical
CVE-2018-15601 was published for elefant/cms (Composer) May 14, 2022
Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command Critical
CVE-2014-9462 was published for mercurial (pip) May 14, 2022
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7600 was published for drupal/core (Composer) May 14, 2022
Improper Input Validation in Apache ActiveMQ Critical
CVE-2016-3088 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation Critical
CVE-2016-3087 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Arbitrary code execution in Apache Struts 2 Critical
CVE-2016-4438 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Etherpad Lite Access Restriction Bypass Critical
CVE-2018-6835 was published for ep_etherpad-lite (npm) May 13, 2022
Nuclide Improper Input Validation Critical
CVE-2018-6333 was published for nuclide (npm) May 13, 2022
Improper Input Validation in Apache ActiveMQ Critical
CVE-2015-5254 was published for org.apache.activemq:activemq-client (Maven) May 13, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database