Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,634
NuGet
638
pip
3,249
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+

95 advisories

Loading
Code injection in Apache Commons Configuration Critical
CVE-2022-33980 was published for org.apache.commons:commons-configuration2 (Maven) Jul 7, 2022
Code injection in MCMS Critical
CVE-2022-30506 was published for net.mingsoft:ms-mcms (Maven) Jun 3, 2022
Server-Side Template Injection in formio Critical
CVE-2020-28246 was published for formio (npm) Jun 3, 2022
Ansible Code Injection Vulnerability Critical
CVE-2014-4678 was published for ansible (pip) May 24, 2022
Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection Critical
CVE-2021-43350 was published for github.com/apache/trafficcontrol (Go) May 24, 2022
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument Critical
CVE-2021-3197 was published for salt (pip) May 24, 2022
Node-Traceroute RCE Vulnerability Critical
CVE-2018-21268 was published for traceroute (npm) May 24, 2022
Fat-Free Framework arbitrary code execution Critical
CVE-2020-5203 was published for bcosca/fatfree (Composer) May 24, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection Critical
CVE-2020-9757 was published for nystudio107/craft-seomatic (Composer) May 24, 2022
LibreNMS Information Disclosure Critical
CVE-2019-10665 was published for librenms/librenms (Composer) May 24, 2022
Ansible Arbitrary Code Execution Critical
CVE-2014-4967 was published for ansible (pip) May 17, 2022
Ansible Arbitrary Code Execution Critical
CVE-2014-4966 was published for ansible (pip) May 17, 2022
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability Critical
CVE-2014-4172 was published for DotNetCasClient (Composer) May 17, 2022
MarkLee131
CodeIgniter arbitrary code execution Critical
CVE-2016-10131 was published for codeigniter4/framework (Composer) May 17, 2022
Injection in Apache NiFi Critical
CVE-2017-5636 was published for org.apache.nifi:nifi (Maven) May 17, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy Critical
CVE-2015-3253 was published for org.codehaus.groovy:groovy (Maven) May 13, 2022
Codiad remote code execution vulnerability Critical
CVE-2018-14009 was published for codiad/codiad (Composer) May 13, 2022
RubyGem openshift-origin-controller is vulnerable to command injection Critical
CVE-2013-2095 was published for openshift-origin-controller (RubyGems) May 5, 2022
ejs template injection vulnerability Critical
CVE-2022-29078 was published for ejs (npm) Apr 26, 2022
Remote Code Execution in Spring Framework Critical
CVE-2022-22965 was published for org.springframework.boot:spring-boot-starter-web (Maven) Mar 31, 2022
rotilho cdupuis
briandealwis
Command injection in Parse Server through prototype pollution Critical
CVE-2022-24760 was published for parse-server (npm) Mar 11, 2022
yuske cristianstaicu
musard mtrezza
Code injection in ezsystems/ezpublish-kernel Critical
CVE-2022-25337 was published for ezsystems/ezpublish-kernel (Composer) Feb 19, 2022
Server Side Template Injection in MCMS Critical
CVE-2021-46063 was published for net.mingsoft:ms-mcms (Maven) Feb 19, 2022
Injection and Improper Input Validation in Apache Unomi Critical
CVE-2020-13942 was published for org.apache.unomi:unomi (Maven) Feb 10, 2022
Arbitrary expression injection in Pillow Critical
CVE-2022-22817 was published for Pillow (pip) Jan 12, 2022
G-Rath
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database