GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+
67 advisories
Filter by severity
Code injection via SVG file in convert-svg-core
High
CVE-2022-24429
was published
for
convert-svg-core
(npm)
Jun 11, 2022
Server-Side Template Injection in formio
Critical
CVE-2020-28246
was published
for
formio
(npm)
Jun 3, 2022
Command injection in docker-tester
High
CVE-2021-34079
was published
for
docker-tester
(npm)
Jun 3, 2022
Node-Traceroute RCE Vulnerability
Critical
CVE-2018-21268
was published
for
traceroute
(npm)
May 24, 2022
Clamscan vulnerable to command injection
High
CVE-2020-7613
was published
for
clamscan
(npm)
May 24, 2022
component-flatten vulnerable to Prototype Pollution
Moderate
CVE-2019-10794
was published
for
component-flatten
(npm)
May 24, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov
High
CVE-2020-7596
was published
for
codecov
(npm)
May 24, 2022
Improper handling of multiline messages in node-irc affects matrix-appservice-irc
High
CVE-2022-29166
was published
for
matrix-appservice-irc
(npm)
May 23, 2022
ejs template injection vulnerability
Critical
CVE-2022-29078
was published
for
ejs
(npm)
Apr 26, 2022
Command injection in Parse Server through prototype pollution
Critical
CVE-2022-24760
was published
for
parse-server
(npm)
Mar 11, 2022
Improper file handling in matrix-react-sdk
Moderate
CVE-2021-32622
was published
for
matrix-react-sdk
(npm)
Feb 10, 2022
Prototype Pollution in undefsafe
Moderate
CVE-2019-10795
was published
for
undefsafe
(npm)
Feb 9, 2022
Prototype Pollution in dot-object
Moderate
CVE-2019-10793
was published
for
dot-object
(npm)
Feb 9, 2022
Header injection in nodemailer
Moderate
CVE-2021-23400
was published
for
nodemailer
(npm)
Dec 10, 2021
Command Injection in compass-compile
Critical
CVE-2020-7635
was published
for
compass-compile
(npm)
Dec 9, 2021
Parse Server crashes with query parameter
High
CVE-2021-39187
was published
for
parse-server
(npm)
Sep 2, 2021
Arbitrary Code Execution in json-ptr
High
GHSA-rrqv-vjrw-hrcr
was published
for
json-ptr
(npm)
May 26, 2021
Injection and Command Injection in devcert
High
CVE-2020-8186
was published
for
devcert
(npm)
May 18, 2021
File upload local preview can run embedded scripts after user interaction
Moderate
GHSA-8796-gc9j-63rv
was published
for
matrix-react-sdk
(npm)
May 17, 2021
Arbitrary Code Execution in json-ptr
High
CVE-2020-7766
was published
for
json-ptr
(npm)
May 10, 2021
Injection and Cross-site Scripting in osm-static-maps
High
CVE-2020-7749
was published
for
osm-static-maps
(npm)
May 10, 2021
ProTip!
Advisories are also available from the
GraphQL API