Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

68 advisories

Loading
Denial of Service and Content Injection in i18n-node-angular High
CVE-2016-10524 was published for i18n-node-angular (npm) Feb 18, 2019
Failure to sanitize quotes which can lead to sql injection in squel Critical
GHSA-4qhx-g9wp-g9m6 was published for squel (npm) Jun 14, 2019
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
Remote Code Execution in Angular Expressions High
CVE-2020-5219 was published for angular-expressions (npm) Jan 24, 2020
MaxNad
Prototype pollution in dojo High
CVE-2020-5258 was published for dojo (npm) Mar 10, 2020
Potential Command Injection in hubot-scripts Critical
CVE-2013-7378 was published for hubot-scripts (npm) Aug 31, 2020
Potential Command Injection in libnotify Critical
CVE-2013-7381 was published for libnotify (npm) Aug 31, 2020
HTML Injection in preact Moderate
GHSA-cg48-9hh2-x6mx was published for preact (npm) Sep 2, 2020
Processing untrusted theming resources might execute arbitrary code (ACE) High
CVE-2021-21316 was published for less-openui5 (npm) Jan 29, 2021
Angular Expressions - Remote Code Execution High
CVE-2021-21277 was published for angular-expressions (npm) Feb 1, 2021
Command injection in samba-client Critical
CVE-2021-27185 was published for samba-client (npm) Feb 11, 2021
Remote code execution via the `pretty` option. High
CVE-2021-21353 was published for pug (npm) Mar 3, 2021
Command Injection in macfromip Critical
CVE-2020-7786 was published for macfromip (npm) Apr 12, 2021
Injection in bodymen Moderate
CVE-2019-10792 was published for bodymen (npm) Apr 13, 2021
Command injection in spritesheet-js Critical
CVE-2020-7782 was published for spritesheet-js (npm) Apr 13, 2021
LDAP Injection in is-user-valid High
CVE-2021-23335 was published for is-user-valid (npm) Apr 13, 2021
Arbitrary code execution in ExifTool High
GHSA-4whq-r978-2x68 was published for exiftool-vendored (npm) May 4, 2021
boardhead wbowling
Injection and Cross-site Scripting in osm-static-maps High
CVE-2020-7749 was published for osm-static-maps (npm) May 10, 2021
Arbitrary Code Execution in json-ptr High
CVE-2020-7766 was published for json-ptr (npm) May 10, 2021
tdunlap607
File upload local preview can run embedded scripts after user interaction Moderate
GHSA-8796-gc9j-63rv was published for matrix-react-sdk (npm) May 17, 2021
MR-ZHEEV
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021
Arbitrary Code Execution in json-ptr High
GHSA-rrqv-vjrw-hrcr was published for json-ptr (npm) May 26, 2021
Parse Server crashes with query parameter High
CVE-2021-39187 was published for parse-server (npm) Sep 2, 2021
mstniy
Risk of code injection High
CVE-2021-21278 was published for rsshub (npm) Oct 12, 2021
Command Injection in compass-compile Critical
CVE-2020-7635 was published for compass-compile (npm) Dec 9, 2021
RDIL
ProTip! Advisories are also available from the GraphQL API