GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

26,872 advisories

Code injection in kill-process-by-name Critical
CVE-2021-23356 was published for kill-process-by-name (npm) Mar 19, 2021
Command Injection in ps-kill Critical
CVE-2021-23355 was published for ps-kill (npm) Mar 19, 2021
Command injection in node-ps Critical
CVE-2020-7785 was published for node-ps (npm) Mar 19, 2021
total.js Remote Code Execution Vulnerability Critical
CVE-2021-23344 was published for total.js (npm) Mar 19, 2021
Command injection in fs-path Critical
CVE-2020-8298 was published for fs-path (npm) Mar 25, 2021
Improper Input Validation in PyYAML Critical
CVE-2020-14343 was published for PyYAML (pip) Mar 25, 2021
Out of bounds write in Pillow Critical
CVE-2021-25289 was published for pillow (pip) Mar 29, 2021
sunSUNQ
Unauthenticated remote code execution in Ignition Critical
CVE-2021-3129 was published for facade/ignition (Composer) Mar 29, 2021
SQL injection in vhs (aka VHS: Fluid ViewHelpers) Critical
CVE-2021-28381 was published for fluidtypo3/vhs (Composer) Mar 29, 2021
Double Free in Adplug Critical
CVE-2019-15151 was published for adplug (NuGet) Mar 29, 2021
Client TLS credentials sent raw to server in npm package nats Critical
GHSA-prmc-5v5w-c465 was published for nats (npm) Apr 6, 2021
Arbitrary code execution in clickhouse-driver Critical
CVE-2020-26759 was published for clickhouse-driver (pip) Apr 7, 2021
xzkostyan
Prototype Pollution in set-or-get Critical
CVE-2021-25913 was published for set-or-get (npm) Apr 12, 2021
Command Injection in macfromip Critical
CVE-2020-7786 was published for macfromip (npm) Apr 12, 2021
Command Injection in async-git Critical
CVE-2020-28490 was published for async-git (npm) Apr 12, 2021
Leak of information via Store-API aggregations in shopware/platform and shopware/core Critical
GHSA-qg7c-q3vq-rgxr was published for shopware/core (Composer) Apr 13, 2021
After order payment process manipulation in shopware/platform and shopware/core Critical
GHSA-88rc-3p98-rgvx was published for shopware/core (Composer) Apr 13, 2021
Command injection in gitlog Critical
CVE-2021-26541 was published for gitlog (npm) Apr 13, 2021
Improper neutralization of arguments in freediskspace Critical
CVE-2020-7775 was published for freediskspace (npm) Apr 13, 2021
Improper Input Validation in network-manager Critical
CVE-2019-10786 was published for network-manager (npm) Apr 13, 2021
Cross-site Scripting (XSS) in Eclipse Theia Critical
CVE-2020-27224 was published for @theia/preview (npm) Apr 13, 2021
Server-Side Request Forgery in private-ip Critical
CVE-2020-28360 was published for private-ip (npm) Apr 13, 2021
Command injection in eslint-fixer Critical
CVE-2021-26275 was published for eslint-fixer (npm) Apr 13, 2021
Command Injection in nuance-gulp-build-common Critical
CVE-2020-28430 was published for nuance-gulp-build-common (npm) Apr 13, 2021 withdrawn
Command injection in launchpad Critical
CVE-2021-23330 was published for launchpad (npm) Apr 13, 2021
ProTip! Advisories are also available from the GraphQL API