Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,054 advisories

Loading
Processing untrusted theming resources might execute arbitrary code (ACE) High
CVE-2021-21316 was published for less-openui5 (npm) Jan 29, 2021
Query Binding Exploitation High
CVE-2021-21263 was published for illuminate/database (Composer) Jan 19, 2021
Injection/XSS in Redcarpet Moderate
CVE-2020-26298 was published for redcarpet (RubyGems) Jan 11, 2021
XSS in HtmlSanitizer Low
CVE-2020-26293 was published for HtmlSanitizer (NuGet) Jan 4, 2021
Server-Side Template Injection High
CVE-2020-26282 was published for com.browserup:browserup-proxy (Maven) Dec 24, 2020
pwntester dpowell
Denial of service attack via incorrect parameters in Matrix Synapse Moderate
CVE-2020-26257 was published for matrix-synapse (pip) Dec 9, 2020
Template injection in cron-utils Critical
CVE-2020-26238 was published for com.cronutils:cron-utils (Maven) Nov 24, 2020
pwntester
Remote code execution in dependabot-core branch names when cloning High
CVE-2020-26222 was published for dependabot-common (RubyGems) Nov 13, 2020
mrthankyou
Remote Code Execution in Apache Synapse Critical
CVE-2017-15708 was published for org.apache.synapse:synapse-core (Maven) Nov 4, 2020
RCE via PHP Object injection via SOAP Requests High
CVE-2020-15244 was published for openmage/magento-lts (Composer) Oct 30, 2020
convenient
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0 High
CVE-2020-15277 was published for baserproject/basercms (Composer) Oct 30, 2020
Aquilao
RCE in XWiki High
CVE-2020-15252 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Oct 16, 2020
Potential Remote Code Execution vulnerability High
CVE-2020-15227 was published for nette/application (Composer) Oct 2, 2020
Contao Insert tag injection in forms Moderate
CVE-2020-25768 was published for contao/contao (Composer) Sep 24, 2020
Users with SCRIPT right can execute arbitrary code in XWiki Low
CVE-2020-15171 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 10, 2020
HTML Injection in preact Moderate
GHSA-cg48-9hh2-x6mx was published for preact (npm) Sep 2, 2020
Potential Command Injection in libnotify Critical
CVE-2013-7381 was published for libnotify (npm) Aug 31, 2020
Potential Command Injection in hubot-scripts Critical
CVE-2013-7378 was published for hubot-scripts (npm) Aug 31, 2020
Remote Code Execution in Red Discord Bot High
CVE-2020-15147 was published for Red-DiscordBot (pip) Aug 21, 2020
Jackenmen
Remote Code Execution in Red Discord Bot High
CVE-2020-15140 was published for Red-DiscordBot (pip) Aug 21, 2020
douglascdev
Remote Code Execution in SyliusResourceBundle High
CVE-2020-15143 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
Remote Code Execution in SyliusResourceBundle Critical
CVE-2020-15146 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
CSS Injection in Chartkick gem Moderate
CVE-2020-16254 was published for chartkick (RubyGems) Aug 12, 2020
Server side template injection in Apache Camel High
CVE-2020-11994 was published for org.apache.camel:camel-robotframework (Maven) Jul 29, 2020
Remote code execution in turn extension for TYPO3 High
CVE-2020-15515 was published for marcwillmann/turn (Composer) Jul 29, 2020
ProTip! Advisories are also available from the GraphQL API