GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
42 advisories
Filter by severity
dns-sync command injection vulnerability
Critical
CVE-2014-9682
was published
for
dns-sync
(npm)
Oct 24, 2017
Arbitrary JavaScript Execution in bassmaster
Critical
CVE-2014-7205
was published
for
bassmaster
(npm)
Oct 24, 2017
Potential Command Injection in printer
Critical
CVE-2014-3741
was published
for
printer
(npm)
Nov 28, 2017
Critical severity vulnerability that affects dns-sync
Critical
GHSA-wxvm-fh75-mpgr
was published
for
dns-sync
(npm)
Jul 26, 2018
•
withdrawn
Command Injection in Xstream
Critical
CVE-2013-7285
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 29, 2019
Improper Authentication in requests-kerberos
Critical
CVE-2014-8650
was published
for
requests-kerberos
(pip)
Mar 10, 2020
Potential Command Injection in hubot-scripts
Critical
CVE-2013-7378
was published
for
hubot-scripts
(npm)
Aug 31, 2020
Potential Command Injection in libnotify
Critical
CVE-2013-7381
was published
for
libnotify
(npm)
Aug 31, 2020
Heap Based Buffer Overflow in libyaml
Critical
CVE-2013-6393
was published
for
libyaml
(npm)
Aug 31, 2020
API Admin Auth Weakness in tomato
Critical
CVE-2013-7379
was published
for
tomato
(npm)
Aug 31, 2020
Authorization Bypass in Spring Security
Critical
CVE-2014-3527
was published
for
org.springframework.security:spring-security-core
(Maven)
Sep 15, 2020
Struts ParameterInterceptor vulnerability allows remote command execution
Critical
CVE-2011-3923
was published
for
org.apache.struts:struts2-core
(Maven)
Apr 22, 2022
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Critical
CVE-2014-3600
was published
for
org.apache.activemq:activemq-broker
(Maven)
May 14, 2022
Apache ActiveMQ Apollo XXE Vulnerability
Critical
CVE-2014-3579
was published
for
org.apache.activemq:apollo-project
(Maven)
May 14, 2022
karo Metacharacter Handling Remote Command Execution
Critical
CVE-2014-10075
was published
for
karo
(RubyGems)
May 14, 2022
CodeIgniter and Kohana vulnerable to PHP Object Injection
Critical
CVE-2014-8684
was published
for
codeigniter/framework
(Composer)
May 17, 2022
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical
CVE-2014-4172
was published
for
DotNetCasClient
(Composer)
May 17, 2022
JGit Improper Input Validation vulnerability
Critical
CVE-2014-9390
was published
for
org.eclipse.jgit:org.eclipse.jgit
(Maven)
May 17, 2022
Ansible Arbitrary Code Execution
Critical
CVE-2014-4966
was published
for
ansible
(pip)
May 17, 2022
Ansible Arbitrary Code Execution
Critical
CVE-2014-4967
was published
for
ansible
(pip)
May 17, 2022
Spoon Library as used in Fork CMS allows PHP object injection
Critical
CVE-2019-15521
was published
for
spoon/library
(Composer)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21695
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21691
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API