Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

31 advisories

Loading
Ghost allows CSV Injection during member CSV export High
CVE-2024-34448 was published for @tryghost/members-csv (npm) May 22, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections High
CVE-2024-29896 was published for @kindspells/astro-shield (npm) Mar 29, 2024
castarco
TurboBoost Commands vulnerable to arbitrary method invocation High
CVE-2024-28181 was published for @turbo-boost/commands (RubyGems) Mar 15, 2024
CouchAuth host header injection vulnerability leaks the password reset token High
CVE-2023-39655 was published for @perfood/couch-auth (npm) Jan 3, 2024
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function High
CVE-2023-26127 was published for n158 (npm) May 27, 2023
HTML injection in search results via plaintext message highlighting High
CVE-2023-30609 was published for matrix-react-sdk (npm) Apr 25, 2023
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
Withdrawn: Octocat.js vulnerable to code injection High
CVE-2022-39390 was published for octocat.js (npm) Nov 8, 2022 withdrawn
Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD High
CVE-2022-31179 was published for shescape (npm) Jul 15, 2022
tdunlap607
Code injection via SVG file in convert-svg-core High
CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
Command injection in docker-tester High
CVE-2021-34079 was published for docker-tester (npm) Jun 3, 2022
Clamscan vulnerable to command injection High
CVE-2020-7613 was published for clamscan (npm) May 24, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov High
CVE-2020-7596 was published for codecov (npm) May 24, 2022
mmcshinsky-bitgo
Improper handling of multiline messages in node-irc affects matrix-appservice-irc High
CVE-2022-29166 was published for matrix-appservice-irc (npm) May 23, 2022
Command injection in simple-git High
CVE-2022-24433 was published for simple-git (npm) Mar 12, 2022
Command injection in git-parse High
CVE-2021-26543 was published for git-parse (npm) Feb 10, 2022
Risk of code injection High
CVE-2021-21278 was published for rsshub (npm) Oct 12, 2021
Parse Server crashes with query parameter High
CVE-2021-39187 was published for parse-server (npm) Sep 2, 2021
mstniy
Arbitrary Code Execution in json-ptr High
GHSA-rrqv-vjrw-hrcr was published for json-ptr (npm) May 26, 2021
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021
Arbitrary Code Execution in json-ptr High
CVE-2020-7766 was published for json-ptr (npm) May 10, 2021
tdunlap607
Injection and Cross-site Scripting in osm-static-maps High
CVE-2020-7749 was published for osm-static-maps (npm) May 10, 2021
Arbitrary code execution in ExifTool High
GHSA-4whq-r978-2x68 was published for exiftool-vendored (npm) May 4, 2021
boardhead wbowling
LDAP Injection in is-user-valid High
CVE-2021-23335 was published for is-user-valid (npm) Apr 13, 2021
ProTip! Advisories are also available from the GraphQL API