GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,054 advisories
Filter by severity
Processing untrusted theming resources might execute arbitrary code (ACE)
High
CVE-2021-21316
was published
for
less-openui5
(npm)
Jan 29, 2021
Query Binding Exploitation
High
CVE-2021-21263
was published
for
illuminate/database
(Composer)
Jan 19, 2021
Injection/XSS in Redcarpet
Moderate
CVE-2020-26298
was published
for
redcarpet
(RubyGems)
Jan 11, 2021
Server-Side Template Injection
High
CVE-2020-26282
was published
for
com.browserup:browserup-proxy
(Maven)
Dec 24, 2020
Denial of service attack via incorrect parameters in Matrix Synapse
Moderate
CVE-2020-26257
was published
for
matrix-synapse
(pip)
Dec 9, 2020
Template injection in cron-utils
Critical
CVE-2020-26238
was published
for
com.cronutils:cron-utils
(Maven)
Nov 24, 2020
Remote code execution in dependabot-core branch names when cloning
High
CVE-2020-26222
was published
for
dependabot-common
(RubyGems)
Nov 13, 2020
Remote Code Execution in Apache Synapse
Critical
CVE-2017-15708
was published
for
org.apache.synapse:synapse-core
(Maven)
Nov 4, 2020
RCE via PHP Object injection via SOAP Requests
High
CVE-2020-15244
was published
for
openmage/magento-lts
(Composer)
Oct 30, 2020
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
High
CVE-2020-15277
was published
for
baserproject/basercms
(Composer)
Oct 30, 2020
RCE in XWiki
High
CVE-2020-15252
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Oct 16, 2020
Potential Remote Code Execution vulnerability
High
CVE-2020-15227
was published
for
nette/application
(Composer)
Oct 2, 2020
Contao Insert tag injection in forms
Moderate
CVE-2020-25768
was published
for
contao/contao
(Composer)
Sep 24, 2020
Users with SCRIPT right can execute arbitrary code in XWiki
Low
CVE-2020-15171
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 10, 2020
Potential Command Injection in libnotify
Critical
CVE-2013-7381
was published
for
libnotify
(npm)
Aug 31, 2020
Potential Command Injection in hubot-scripts
Critical
CVE-2013-7378
was published
for
hubot-scripts
(npm)
Aug 31, 2020
Remote Code Execution in Red Discord Bot
High
CVE-2020-15147
was published
for
Red-DiscordBot
(pip)
Aug 21, 2020
Remote Code Execution in Red Discord Bot
High
CVE-2020-15140
was published
for
Red-DiscordBot
(pip)
Aug 21, 2020
Remote Code Execution in SyliusResourceBundle
High
CVE-2020-15143
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Remote Code Execution in SyliusResourceBundle
Critical
CVE-2020-15146
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
CSS Injection in Chartkick gem
Moderate
CVE-2020-16254
was published
for
chartkick
(RubyGems)
Aug 12, 2020
Server side template injection in Apache Camel
High
CVE-2020-11994
was published
for
org.apache.camel:camel-robotframework
(Maven)
Jul 29, 2020
Remote code execution in turn extension for TYPO3
High
CVE-2020-15515
was published
for
marcwillmann/turn
(Composer)
Jul 29, 2020
ProTip!
Advisories are also available from the
GraphQL API