GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,054 advisories
Shibboleth Service Provider before 3.2.1 allows content injection because template generation...
Moderate | Unreviewed | CVE-2021-28963 was published on May 24, 2022

An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest...
High | Unreviewed | CVE-2023-2760 was published on Jul 17, 2023

The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to ...
High | Unreviewed | CVE-2019-17123 was published on May 24, 2022

Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote...
Moderate | Unreviewed | CVE-2019-5977 was published on May 24, 2022

Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical | CVE-2014-4172 was published for DotNetCasClient (Composer) on May 17, 2022

Contao Insert tag injection in forms
Moderate | CVE-2020-25768 was published for contao/contao (Composer) on Sep 24, 2020

Arbitrary expression injection in Pillow
Critical | CVE-2022-22817 was published for Pillow (pip) on Jan 12, 2022

SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
Critical | CVE-2021-3197 was published for salt (pip) on May 24, 2022

Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks
High | CVE-2017-17516 was published for rtv (pip) on May 14, 2022

Apache Tomcat improperly escapes input from JsonErrorReportValve
High | CVE-2022-45143 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Jan 3, 2023

CodeIgniter arbitrary code execution
Critical | CVE-2016-10131 was published for codeigniter4/framework (Composer) on May 17, 2022

Rancher code injection via fluentd config commands
High | CVE-2019-12303 was published for github.com/rancher/rancher (Go) on May 24, 2022

SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability
High | CVE-2018-6519 was published for simplesamlphp/saml2 (Composer) on May 14, 2022

SilverStripe CSV Excel Macro Injection
Moderate | CVE-2017-18049 was published for silverstripe/framework (Composer) on May 14, 2022

Fat-Free Framework arbitrary code execution
Critical | CVE-2020-5203 was published for bcosca/fatfree (Composer) on May 24, 2022

Codiad remote code execution vulnerability
Critical | CVE-2018-14009 was published for codiad/codiad (Composer) on May 13, 2022

Joomla! Framework Remote Code Injection Vulnerability
High | CVE-2015-8566 was published for joomla/session (Composer) on May 17, 2022

An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions...
Critical | Unreviewed | CVE-2023-33566 was published on Jun 27, 2023

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when...
High | Unreviewed | CVE-2023-26130 was published on May 30, 2023

Server-Side Template Injection in formio
Critical | CVE-2020-28246 was published for formio (npm) on Jun 3, 2022

RDoc RCE vulnerability with .rdoc_options
High | CVE-2024-27281 was published for rdoc (RubyGems) on Mar 25, 2024

Monolog Header injection in NativeMailerHandler
Low | GHSA-f57v-q966-7fh6 was published for monolog/monolog (Composer) on May 15, 2024

Pusher Service Channel Authentication Bypass
Moderate | GHSA-7v7m-pcw5-h3cg was published for pusher/pusher-php-server (Composer) on May 20, 2024

Shopware Remote Code Execution Vulnerability
Critical | GHSA-q3g4-2vw9-xv27 was published for shopware/shopware (Composer) on May 21, 2024

Shopware Remote Code Execution Vulnerability
Critical | GHSA-7336-ghhp-f2qj was published for shopware/shopware (Composer) on May 21, 2024

ProTip! Advisories are also available from the GraphQL API.