Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,095 advisories

Loading
HTTP header injection in Sonatype Nexus Repository High
CVE-2021-40143 was published for org.sonatype.nexus:nexus-repository (Maven) Sep 8, 2021
Parse Server crashes with query parameter High
CVE-2021-39187 was published for parse-server (npm) Sep 2, 2021
mstniy
Arbitrary Code Execution in Rdoc High
CVE-2021-31799 was published for rdoc (RubyGems) Sep 1, 2021
Injection in MockServer Moderate
CVE-2021-32827 was published for org.mock-server:mockserver (Maven) Aug 30, 2021
Code injection in topthink/think Critical
CVE-2020-17952 was published for topthink/think (Composer) Aug 9, 2021
Craft CMS Remote Code Injection Critical
CVE-2021-27903 was published for craftcms/cms (Composer) Jul 2, 2021
CRLF vulnerability in Fiber Moderate
CVE-2020-15111 was published for github.com/gofiber/fiber (Go) Jun 29, 2021
hsblhsn abdshaleh
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3 Moderate
CVE-2021-21303 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
PHPMailer untrusted code may be run from an overridden address validator High
CVE-2021-3603 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
0xcrypto
CRLF injection in urllib3 Moderate
CVE-2020-26137 was published for urllib3 (pip) Jun 18, 2021
Injection in Apache Syncope High
CVE-2020-1961 was published for org.apache.syncope:syncope-core (Maven) Jun 16, 2021
Command injection in Apache Unomi High
CVE-2021-31164 was published for org.apache.unomi:unomi (Maven) Jun 16, 2021
Arbitrary Code Execution in json-ptr High
GHSA-rrqv-vjrw-hrcr was published for json-ptr (npm) May 26, 2021
plugin.yaml file allows for duplicate entries in helm Low
CVE-2020-15187 was published for helm.sh/helm (Go) May 24, 2021
Improper Sanitizing of plugin names in helm Low
CVE-2020-15186 was published for helm.sh/helm (Go) May 24, 2021
Repository index file allows for duplicates of the same chart entry in helm Low
CVE-2020-15185 was published for helm.sh/helm (Go) May 24, 2021
Aliases are never checked in helm Low
CVE-2020-15184 was published for helm.sh/helm (Go) May 24, 2021
Command injection in Apache Flink Moderate
CVE-2020-1960 was published for org.apache.flink:flink-core (Maven) May 21, 2021
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021
File upload local preview can run embedded scripts after user interaction Moderate
GHSA-8796-gc9j-63rv was published for matrix-react-sdk (npm) May 17, 2021
MR-ZHEEV
Arbitrary Code Execution in json-ptr High
CVE-2020-7766 was published for json-ptr (npm) May 10, 2021
tdunlap607
Injection and Cross-site Scripting in osm-static-maps High
CVE-2020-7749 was published for osm-static-maps (npm) May 10, 2021
Command injection in Gerapy Critical
CVE-2020-7698 was published for gerapy (pip) May 6, 2021
Arbitrary code execution in ExifTool High
GHSA-4whq-r978-2x68 was published for exiftool-vendored (npm) May 4, 2021
boardhead wbowling
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database