Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,216 advisories

Loading
Code injection in topthink/think Critical
CVE-2020-17952 was published for topthink/think (Composer) Aug 9, 2021
Craft CMS Remote Code Injection Critical
CVE-2021-27903 was published for craftcms/cms (Composer) Jul 2, 2021
CRLF vulnerability in Fiber Moderate
CVE-2020-15111 was published for github.com/gofiber/fiber (Go) Jun 29, 2021
hsblhsn abdshaleh
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3 Moderate
CVE-2021-21303 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
PHPMailer untrusted code may be run from an overridden address validator High
CVE-2021-3603 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
0xcrypto
CRLF injection in urllib3 Moderate
CVE-2020-26137 was published for urllib3 (pip) Jun 18, 2021
Injection in Apache Syncope High
CVE-2020-1961 was published for org.apache.syncope:syncope-core (Maven) Jun 16, 2021
Command injection in Apache Unomi High
CVE-2021-31164 was published for org.apache.unomi:unomi (Maven) Jun 16, 2021
Arbitrary Code Execution in json-ptr High
GHSA-rrqv-vjrw-hrcr was published for json-ptr (npm) May 26, 2021
plugin.yaml file allows for duplicate entries in helm Low
CVE-2020-15187 was published for helm.sh/helm (Go) May 24, 2021
decsecre583
Improper Sanitizing of plugin names in helm Low
CVE-2020-15186 was published for helm.sh/helm (Go) May 24, 2021
Repository index file allows for duplicates of the same chart entry in helm Low
CVE-2020-15185 was published for helm.sh/helm (Go) May 24, 2021
Aliases are never checked in helm Low
CVE-2020-15184 was published for helm.sh/helm (Go) May 24, 2021
Command injection in Apache Flink Moderate
CVE-2020-1960 was published for org.apache.flink:flink-core (Maven) May 21, 2021
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
decsecre583
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021
File upload local preview can run embedded scripts after user interaction Moderate
GHSA-8796-gc9j-63rv was published for matrix-react-sdk (npm) May 17, 2021
MR-ZHEEV
Arbitrary Code Execution in json-ptr High
CVE-2020-7766 was published for json-ptr (npm) May 10, 2021
tdunlap607
Injection and Cross-site Scripting in osm-static-maps High
CVE-2020-7749 was published for osm-static-maps (npm) May 10, 2021
Command injection in Gerapy Critical
CVE-2020-7698 was published for gerapy (pip) May 6, 2021
Arbitrary code execution in ExifTool High
GHSA-4whq-r978-2x68 was published for exiftool-vendored (npm) May 4, 2021
boardhead wbowling
Multiple vulnerabilities through filename manipulation in Archive_Tar High
CVE-2020-28949 was published for pear/archive_tar (Composer) Apr 22, 2021
pwntools Server-Side Template Injection (SSTI) vulnerability Critical
CVE-2020-28468 was published for pwntools (pip) Apr 20, 2021
LDAP Injection in is-user-valid High
CVE-2021-23335 was published for is-user-valid (npm) Apr 13, 2021
Command injection in spritesheet-js Critical
CVE-2020-7782 was published for spritesheet-js (npm) Apr 13, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database