GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,013
Erlang
29
GitHub Actions
16
Go
1,806
Maven
5,000+
npm
3,553
NuGet
632
pip
3,148
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
957 advisories
Filter by severity
Prototype Pollution in deep.assign
Critical
CVE-2021-40663
was published
for
deep.assign
(npm)
Jul 1, 2022
Server-Side Request Forgery in parse-url
Critical
CVE-2022-2216
was published
for
parse-url
(npm)
Jun 28, 2022
Server-Side Request Forgery in kityminder
Critical
CVE-2022-31830
was published
for
kityminder
(npm)
Jun 10, 2022
Server-Side Template Injection in formio
Critical
CVE-2020-28246
was published
for
formio
(npm)
Jun 3, 2022
Improper Neutralization of Special Elements used in a Command in Shell-quote
Critical
CVE-2021-42740
was published
for
shell-quote
(npm)
May 24, 2022
Obsidian does not require user confirmation for non-http/https URLs.
Critical
CVE-2021-38148
was published
for
obsidian
(npm)
May 24, 2022
deep-defaults vulnerable to prototype pollution
Critical
CVE-2021-25944
was published
for
deep-defaults
(npm)
May 24, 2022
Changeset vulnerable to prototype pollution
Critical
CVE-2021-25915
was published
for
changeset
(npm)
May 24, 2022
Remote code execution in vscode-npm-script
Critical
CVE-2021-26700
was published
for
vscode-npm-script
(npm)
May 24, 2022
dset vulnerable to prototype pollution
Critical
CVE-2020-28277
was published
for
dset
(npm)
May 24, 2022
shvl vulnerable to prototype pollution
Critical
CVE-2020-28278
was published
for
shvl
(npm)
May 24, 2022
flattenizer vulnerable to prototype pollution
Critical
CVE-2020-28279
was published
for
flattenizer
(npm)
May 24, 2022
Prototype pollution vulnerability in 'deep-set'
Critical
CVE-2020-28276
was published
for
deep-set
(npm)
May 24, 2022
keyget vulnerable to prototype pollution
Critical
CVE-2020-28272
was published
for
keyget
(npm)
May 24, 2022
Always-Incorrect Control Flow Implementation in Facebook Hermes
Critical
CVE-2020-1914
was published
for
hermes-engine
(npm)
May 24, 2022
Access of Resource Using Incompatible Type in Facebook Hermes
Critical
CVE-2020-1911
was published
for
hermes-engine
(npm)
May 24, 2022
linux-cmdline is vulnerable to Prototype Pollution via the constructor
Critical
CVE-2020-7704
was published
for
linux-cmdline
(npm)
May 24, 2022
Node-Traceroute RCE Vulnerability
Critical
CVE-2018-21268
was published
for
traceroute
(npm)
May 24, 2022
chrome-launcher subject to OS Command Injection
Critical
CVE-2020-7645
was published
for
chrome-launcher
(npm)
May 24, 2022
Improper Neutralization of Special Elements used in an OS Command in Blamer
Critical
CVE-2019-10807
was published
for
blamer
(npm)
May 24, 2022
promise-probe OS command injection vulnerability
Critical
CVE-2019-10791
was published
for
promise-probe
(npm)
May 24, 2022
Duplicate Advisory: tree-kill vulnerable to remote code execution
Critical
GHSA-mxq6-vrrr-ppmg
was published
for
tree-kill
(npm)
May 24, 2022
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API