GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem (counts as shown on the page at capture time):

Ecosystem | Reviewed advisories
All reviewed | 5,000+
Composer | 3,974
Erlang | 29
GitHub Actions | 16
Go | 1,762
Maven | 4,984
npm | 3,523
NuGet | 611
pip | 3,098
Pub | 10
RubyGems | 834
Rust | 784
Swift | 34

Unreviewed advisories: 5,000+

19,427 advisories listed.
Advisory | Severity | Identifier | Package (ecosystem) | Published
Composer JavaScript injection possible via html comments | Moderate | CVE-2019-8233 | magento/community-edition (Composer) | Nov 12, 2019
Remote code execution in PHPMailer | Critical | CVE-2016-10033 | phpmailer/phpmailer (Composer) | Mar 5, 2020
OS Command Injection in pulverizr | Critical | CVE-2020-7604 | pulverizr (npm) | May 7, 2021
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation | High | CVE-2023-28433 | github.com/minio/minio (Go) | Sep 6, 2023
HashiCorp Consul vulnerable to authorization bypass | Moderate | CVE-2022-40716 | github.com/hashicorp/consul (Go) | Sep 25, 2022
Unsafe plugins can be installed via pack import by tenant admins | High | GHSA-wxf3-4fvj-vqqx | @saltcorn/cli (npm) | Jul 27, 2023
OS Command Injection in closure-compiler-stream | Critical | CVE-2020-7603 | closure-compiler-stream (npm) | May 7, 2021
rendertron can remotely shut down Chrome instance | High | CVE-2017-18353 | rendertron (npm) | Jan 4, 2019
dalek-browser-chrome Downloads Resources over HTTP | High | CVE-2016-10604 | dalek-browser-chrome (npm) | Feb 18, 2019
Directory Traversal in tinyserver2 | High | CVE-2017-16085 | tinyserver2 (npm) | Jul 24, 2018
hubl-server downloads resources over HTTP | High | CVE-2017-16035 | hubl-server (npm) | Jul 24, 2018
ReDoS via long UserAgent header in useragent | High | CVE-2017-16030 | useragent (npm) | Jul 24, 2018
Directory Traversal in list-n-stream | High | CVE-2017-16084 | list-n-stream (npm) | Jul 24, 2018
chrome-launcher subject to OS Command Injection | Critical | CVE-2020-7645 | chrome-launcher (npm) | May 24, 2022
Prototype pollution in paypal-adaptive | Moderate | CVE-2020-7643 | paypal-adaptive (npm) | Dec 10, 2021
Cosmos-SDK Cosmovisor component may be vulnerable to denial of service | Moderate | GHSA-23px-mw2p-46qm | github.com/cosmos/cosmos-sdk (Go) | Sep 6, 2023
Command Injection in geojson2kml | Critical | CVE-2020-28429 | geojson2kml (npm) | May 10, 2021
Advisories are also available from the GraphQL API.
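The GraphQL API is the usual way to consume this database programmatically, and the records it returns carry the same fields as the listing above plus the affected version ranges that Dependabot-style matching needs. The block below is an added example, not GitHub's code and not from this page: it builds a `securityAdvisories` query, flattens one page of the response into one record per affected package, and matches those records against a project's pinned versions using the `vulnerableVersionRange` syntax the API returns (comma-separated clauses with `<`, `<=`, `>`, `>=`, `=`). The query field names follow the public GraphQL schema; the sample response, the placeholder GHSA/CVE identifiers, the package names and the version ranges in it are constructed and describe no real advisory, and the plain numeric version ordering is an assumption (it does not rank pre-release tags).

```python
import json
import re
import urllib.request
from collections import namedtuple

# Added example, not GitHub's own code. Field names follow the public GraphQL schema.
ADVISORY_QUERY = """query($first: Int!, $after: String) {
  securityAdvisories(first: $first, after: $after,
                     orderBy: {field: PUBLISHED_AT, direction: DESC}) {
    pageInfo { hasNextPage endCursor }
    nodes { ghsaId summary severity publishedAt
            identifiers { type value }
            vulnerabilities(first: 10) { nodes {
              package { ecosystem name } vulnerableVersionRange
              firstPatchedVersion { identifier } } } } } }"""


def fetch_page(token, first=50, after=None):
    """POST one page of the query to api.github.com/graphql (needs a token; not called offline)."""
    body = json.dumps({"query": ADVISORY_QUERY,
                       "variables": {"first": first, "after": after}}).encode()
    req = urllib.request.Request("https://api.github.com/graphql", data=body,
                                 headers={"Authorization": "bearer " + token,
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# cve is None for GHSA-only advisories; first_patched is None when no fix exists yet.
Affected = namedtuple("Affected", "ghsa_id cve severity ecosystem name "
                                  "vulnerable_range first_patched")


def parse_advisories(page):
    """Flatten one response page into one record per (advisory, affected package)."""
    out = []
    for adv in page["data"]["securityAdvisories"]["nodes"]:
        cve = next((i["value"] for i in adv["identifiers"] if i["type"] == "CVE"), None)
        for v in adv["vulnerabilities"]["nodes"]:
            fpv = v["firstPatchedVersion"]
            out.append(Affected(adv["ghsaId"], cve, adv["severity"],
                                v["package"]["ecosystem"], v["package"]["name"],
                                v["vulnerableVersionRange"],
                                fpv["identifier"] if fpv else None))
    return out


def _vtuple(version):
    # Leading digits of each dotted component: "1.4.3-rc1" -> (1, 4, 3).
    # Assumption: plain numeric ordering; pre-release tags are not ranked.
    parts = [int(m.group()) if (m := re.match(r"\d+", c)) else 0
             for c in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


_OPS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,   # two-char ops first
        ">": lambda a, b: a > b, "<": lambda a, b: a < b, "=": lambda a, b: a == b}


def version_in_range(version, range_str):
    """True if version satisfies every comma-separated clause, e.g. ">= 1.4.0, < 1.4.3"."""
    v = _vtuple(version)
    for clause in (c.strip() for c in range_str.split(",")):
        op = next((o for o in _OPS if clause.startswith(o)), None)
        if op is None:
            raise ValueError("unrecognised range clause: " + clause)
        if not _OPS[op](v, _vtuple(clause[len(op):].strip())):
            return False
    return True


def match_lockfile(records, lockfile):
    """lockfile maps (ECOSYSTEM, name) -> pinned version; returns the affected records."""
    return [r for r in records
            if (pin := lockfile.get((r.ecosystem, r.name))) is not None
            and version_in_range(pin, r.vulnerable_range)]


# Constructed sample page: placeholder identifiers, package names and ranges,
# shaped like the API response but describing no real advisory.
SAMPLE_PAGE = {"data": {"securityAdvisories": {
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [
        {"ghsaId": "GHSA-aaaa-aaaa-aaaa", "summary": "Command injection in example-cli",
         "severity": "CRITICAL", "publishedAt": "2023-09-06T00:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-aaaa-aaaa-aaaa"},
                         {"type": "CVE", "value": "CVE-YYYY-NNNNN"}],
         "vulnerabilities": {"nodes": [
             {"package": {"ecosystem": "NPM", "name": "example-cli"},
              "vulnerableVersionRange": "< 2.1.0",
              "firstPatchedVersion": {"identifier": "2.1.0"}}]}},
        {"ghsaId": "GHSA-bbbb-bbbb-bbbb", "summary": "Path traversal in example-server",
         "severity": "HIGH", "publishedAt": "2023-07-27T00:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-bbbb-bbbb-bbbb"}],
         "vulnerabilities": {"nodes": [
             {"package": {"ecosystem": "GO", "name": "github.com/example/server"},
              "vulnerableVersionRange": ">= 1.4.0, < 1.4.3",
              "firstPatchedVersion": {"identifier": "1.4.3"}},
             {"package": {"ecosystem": "GO", "name": "github.com/example/server"},
              "vulnerableVersionRange": ">= 1.5.0, < 1.5.1",
              "firstPatchedVersion": None}]}}]}}}

# Constructed lockfile: the npm pin sits inside its range, the Go pin is the fixed version.
LOCKFILE = {("NPM", "example-cli"): "2.0.9",
            ("GO", "github.com/example/server"): "1.4.3"}

if __name__ == "__main__":
    for hit in match_lockfile(parse_advisories(SAMPLE_PAGE), LOCKFILE):
        print(hit.ghsa_id, hit.cve, hit.severity, hit.name, hit.vulnerable_range,
              "fixed in", hit.first_patched)
```

Against the live API, loop on `fetch_page` while `pageInfo.hasNextPage` is true, passing `endCursor` as `after`; the `publishedSince` and `updatedSince` arguments of `securityAdvisories` let a scheduled job pull only what changed since its last run instead of re-walking the whole database. A real matcher should use the ecosystem's own version semantics (semver pre-releases, PEP 440, Go pseudo-versions) rather than the numeric ordering assumed here.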