GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,036
Erlang
29
GitHub Actions
18
Go
1,848
Maven
5,000+
npm
3,582
NuGet
636
pip
3,165
Pub
10
RubyGems
850
Rust
803
Swift
34
Unreviewed advisories
All unreviewed
5,000+
132 advisories
Filter by severity
Command Injection in npm-git-publish
Critical
GHSA-49mg-94fc-2fx6
was published
for
npm-git-publish
(npm)
Sep 4, 2020
Command Injection in meta-git
Critical
GHSA-qcff-ffx3-m25c
was published
for
meta-git
(npm)
Sep 4, 2020
Command Injection in plotter
Critical
GHSA-65xx-c85x-wg76
was published
for
plotter
(npm)
Sep 4, 2020
Command Injection in gnuplot
Critical
GHSA-cfwc-xjfp-44jg
was published
for
gnuplot
(npm)
Sep 4, 2020
Command Injection in priest-runner
Critical
GHSA-9px9-f7jw-fwhj
was published
for
priest-runner
(npm)
Sep 3, 2020
Command Injection in node-wifi
Critical
GHSA-4x6x-782q-jfc4
was published
for
node-wifi
(npm)
Sep 3, 2020
Command Injection in bestzip
Critical
GHSA-4qqc-mp5f-ccv4
was published
for
bestzip
(npm)
Sep 2, 2020
Command Injection in samsung-remote
Critical
GHSA-xhjx-mfr6-9rr4
was published
for
samsung-remote
(npm)
Sep 1, 2020
Remote code execution in PHPMailer
Critical
CVE-2016-10033
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Remote code execution in PHPMailer
Critical
CVE-2016-10045
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Command Injection in command-exists
Critical
GHSA-cff4-rrq6-h78w
was published
for
command-exists
(npm)
Jun 3, 2019
Command Injection in Xstream
Critical
CVE-2013-7285
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 29, 2019
Use of Insufficiently Random Values in Railties Allows Remote Code Execution
Critical
CVE-2019-5420
was published
for
railties
(RubyGems)
Mar 13, 2019
Critical severity vulnerability that affects Haraka
Critical
CVE-2016-1000282
was published
for
Haraka
(npm)
Feb 12, 2019
Command Injection in apex-publish-static-files
Critical
CVE-2018-16462
was published
for
apex-publish-static-files
(npm)
Nov 1, 2018
Ansible fails to properly sanitize fact variables sent from the Ansible controller
Critical
CVE-2016-8628
was published
for
ansible
(pip)
Oct 10, 2018
Command Injection in egg-scripts
Critical
CVE-2018-3786
was published
for
egg-scripts
(npm)
Sep 17, 2018
Git-fastclone passes user modifiable strings directly to a shell command
Critical
CVE-2015-8969
was published
for
git-fastclone
(RubyGems)
Aug 15, 2018
ProTip!
Advisories are also available from the
GraphQL API