Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

311 advisories

Loading
Improper Control of Generation of Code ('Code Injection') in Azure CLI High
CVE-2022-39327 was published for azure-cli (pip) Oct 25, 2022
run-terraform allows for RCE via terraform plan High
CVE-2022-39326 was published for kartverket/github-workflows (GitHub Actions) Oct 19, 2022
eliihen
October CMS Safe Mode bypass leads to authenticated Remote Code Execution High
CVE-2022-35944 was published for october/system (Composer) Oct 13, 2022
cydave daftspunk
Powerline Gitstatus vulnerable to arbitrary code execution High
CVE-2022-42906 was published for powerline-gitstatus (pip) Oct 13, 2022
PHPMailer vulnerable to email header injection High
CVE-2012-0796 was published for phpmailer/phpmailer (Composer) Oct 6, 2022
Poetry Argument Injection can lead to Local Code Execution High
CVE-2022-36069 was published for poetry (pip) Sep 16, 2022
paul-gerste-sonarsource neersighted
Code injection in grav High
CVE-2022-2073 was published for getgrav/grav (Composer) Jun 30, 2022
Code injection in Elefant CMS High
CVE-2017-20064 was published for elefant/cms (Composer) Jun 21, 2022
Command Injection in Nuitka High
CVE-2022-2054 was published for Nuitka (pip) Jun 13, 2022
Code injection via SVG file in convert-svg-core High
CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
PHP Code Injection by malicious block or filename in Smarty High
CVE-2022-29221 was published for smarty/smarty (Composer) May 25, 2022
altm4n
Code injection in `saved_model_cli` in TensorFlow High
CVE-2022-29216 was published for tensorflow (pip) May 24, 2022
TYPO3 Image Processing susceptible to Code Execution High
CVE-2019-11832 was published for typo3/cms (Composer) May 24, 2022
ohader
Obsidian Dataview vulnerable to code injection due to unsafe eval High
CVE-2021-42057 was published for obsidian-dataview (npm) May 24, 2022
GramAddict bot uses dependency with reverse tcp backdoor High
CVE-2020-36245 was published for GramAddict (pip) May 24, 2022
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration High
CVE-2021-20187 was published for moodle/moodle (Composer) May 24, 2022
phpBB arbitrary CSS injection High
CVE-2019-16108 was published for phpbb/phpbb (Composer) May 24, 2022
Improper Control of Generation of Code in doT High
CVE-2020-8141 was published for dot (npm) May 24, 2022
Magento Remote code execution through catalog attribute sets High
CVE-2019-8231 was published for magento/core (Composer) May 24, 2022
Magento Remote code execution through support/output path modification High
CVE-2019-8230 was published for magento/core (Composer) May 24, 2022
Yii Framework Code Injection High
CVE-2018-8074 was published for yiisoft/yii2-dev (Composer) May 24, 2022
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-7932 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE High
CVE-2019-7942 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-7903 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Unsafe File Upload High
CVE-2019-7871 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database