Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,976
Erlang
29
GitHub Actions
16
Go
1,765
Maven
4,990
npm
3,528
NuGet
615
pip
3,099
Pub
10
RubyGems
837
Rust
785
Swift
34
Unreviewed advisories
All unreviewed
5,000+

955 advisories

Loading
Total.js CMS RCE Vulnerability Critical
CVE-2019-15954 was published for total4 (npm) May 24, 2022
Formidable arbitrary file upload Critical
CVE-2022-29622 was published for formidable (npm) May 17, 2022 withdrawn
Withdrawn: Code execution via SVG file upload in tiddlywiki Critical
CVE-2022-29351 was published for tiddlywiki (npm) May 17, 2022 withdrawn
mxGraph vulnerable to XXE attacks Critical
CVE-2017-18197 was published for mxgraph (npm) May 14, 2022
Improper Input Validation in Deap Critical
CVE-2018-3749 was published for deap (npm) May 14, 2022
Prototype Pollution in convict Critical
CVE-2022-21190 was published for convict (npm) May 14, 2022
Command injection in workspace-tools Critical
CVE-2022-25865 was published for workspace-tools (npm) May 14, 2022
Etherpad Lite Access Restriction Bypass Critical
CVE-2018-6835 was published for ep_etherpad-lite (npm) May 13, 2022
PIDUsage Enables OS Command Injection Critical
CVE-2017-1000220 was published for pidusage (npm) May 13, 2022
Nuclide Improper Input Validation Critical
CVE-2018-6333 was published for nuclide (npm) May 13, 2022
irisnet-crypto RCE Vulnerability Critical
CVE-2019-9115 was published for irisnet-crypto (npm) May 13, 2022
Exposure of Sensitive Information in eventsource Critical
CVE-2022-1650 was published for eventsource (npm) May 13, 2022
macwier veloek
dlannoye
RCE in SiteServer CMS Critical
CVE-2022-28118 was published for siteserver (npm) May 4, 2022
OS Command Injection in git-pull-or-clone Critical
CVE-2022-24437 was published for git-pull-or-clone (npm) May 3, 2022
lirantal
ejs template injection vulnerability Critical
CVE-2022-29078 was published for ejs (npm) Apr 26, 2022
Command injection in git-interface Critical
CVE-2022-1440 was published for git-interface (npm) Apr 23, 2022
lirantal
Command injection in npm-dependency-versions Critical
CVE-2022-29080 was published for npm-dependency-versions (npm) Apr 13, 2022
p-w
Unrestricted Upload of File with Dangerous Type in Strapi Critical
CVE-2022-27263 was published for strapi (npm) Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in ButterCMS Critical
CVE-2022-27260 was published for buttercms (npm) Apr 13, 2022
Arbitrary file upload in Ghost Critical
CVE-2022-27139 was published for ghost (npm) Apr 13, 2022
Arbitrary file upload in Ghost Critical
CVE-2022-28397 was published for ghost (npm) Apr 13, 2022
Unrestricted Upload of File with Dangerous Type in Payload Critical
CVE-2022-27952 was published for payload (npm) Apr 13, 2022
Insecure default value for CORS configuration Critical
CVE-2022-26969 was published for directus (npm) Apr 5, 2022
Prototype Pollution in simple-plist Critical
CVE-2022-26260 was published for simple-plist (npm) Mar 23, 2022
radiotech TuurDutoit
Arbitrary code execution in post-loader Critical
CVE-2022-0748 was published for post-loader (npm) Mar 18, 2022
ProTip! Advisories are also available from the GraphQL API