Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,015 advisories

Loading
Embedded Malicious Code in node-ipc Critical
CVE-2022-23812 was published for node-ipc (npm) Mar 16, 2022
Prototype Pollution in minimist Critical
CVE-2021-44906 was published for minimist (npm) Mar 18, 2022
alopix ljharb
Prototype Pollution in Sails.js Critical
CVE-2021-44908 was published for sails (npm) Mar 18, 2022
Arbitrary code execution in post-loader Critical
CVE-2022-0748 was published for post-loader (npm) Mar 18, 2022
Prototype Pollution in set-in Critical
CVE-2022-25354 was published for set-in (npm) Mar 18, 2022
Prototype Pollution in libnested Critical
CVE-2022-25352 was published for libnested (npm) Mar 18, 2022
Prototype Pollution in simple-plist Critical
CVE-2022-26260 was published for simple-plist (npm) Mar 23, 2022
radiotech TuurDutoit
Insecure default value for CORS configuration Critical
CVE-2022-26969 was published for directus (npm) Apr 5, 2022
Arbitrary file upload in Ghost Critical
CVE-2022-28397 was published for ghost (npm) Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in Payload Critical
CVE-2022-27952 was published for payload (npm) Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in ButterCMS Critical
CVE-2022-27260 was published for buttercms (npm) Apr 13, 2022
Arbitrary file upload in Ghost Critical
CVE-2022-27139 was published for ghost (npm) Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in Strapi Critical
CVE-2022-27263 was published for strapi (npm) Apr 13, 2022
Command injection in npm-dependency-versions Critical
CVE-2022-29080 was published for npm-dependency-versions (npm) Apr 13, 2022
p-w
Command injection in git-interface Critical
CVE-2022-1440 was published for git-interface (npm) Apr 23, 2022
lirantal
ejs template injection vulnerability Critical
CVE-2022-29078 was published for ejs (npm) Apr 26, 2022
OS Command Injection in git-pull-or-clone Critical
CVE-2022-24437 was published for git-pull-or-clone (npm) May 3, 2022
lirantal
RCE in SiteServer CMS Critical
CVE-2022-28118 was published for siteserver (npm) May 4, 2022
Exposure of Sensitive Information in eventsource Critical
CVE-2022-1650 was published for eventsource (npm) May 13, 2022
macwier veloek
dlannoye
irisnet-crypto RCE Vulnerability Critical
CVE-2019-9115 was published for irisnet-crypto (npm) May 13, 2022
Nuclide Improper Input Validation Critical
CVE-2018-6333 was published for nuclide (npm) May 13, 2022
PIDUsage Enables OS Command Injection Critical
CVE-2017-1000220 was published for pidusage (npm) May 13, 2022
mattberry3
Etherpad Lite Access Restriction Bypass Critical
CVE-2018-6835 was published for ep_etherpad-lite (npm) May 13, 2022
Command injection in workspace-tools Critical
CVE-2022-25865 was published for workspace-tools (npm) May 14, 2022
Prototype Pollution in convict Critical
CVE-2022-21190 was published for convict (npm) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database