GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
32 advisories
Content-Security-Policy header generation in middleware could be compromised by malicious injections
High severity: CVE-2024-29896 was published for @kindspells/astro-shield (npm) on Mar 29, 2024

Flowise Path Injection at /api/v1/openai-assistants-file
High severity: CVE-2024-36420 was published for flowise (npm) on Aug 5, 2024

Ghost allows CSV Injection during member CSV export
High severity: CVE-2024-34448 was published for @tryghost/members-csv (npm) on May 22, 2024

TurboBoost Commands vulnerable to arbitrary method invocation
High severity: CVE-2024-28181 was published for @turbo-boost/commands (RubyGems) on Mar 15, 2024

CouchAuth host header injection vulnerability leaks the password reset token
High severity: CVE-2023-39655 was published for @perfood/couch-auth (npm) on Jan 3, 2024

n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function
High severity: CVE-2023-26127 was published for n158 (npm) on May 27, 2023

HTML injection in search results via plaintext message highlighting
High severity: CVE-2023-30609 was published for matrix-react-sdk (npm) on Apr 25, 2023

Clamscan vulnerable to command injection
High severity: CVE-2020-7613 was published for clamscan (npm) on May 24, 2022

Injection and Cross-site Scripting in osm-static-maps
High severity: CVE-2020-7749 was published for osm-static-maps (npm) on May 10, 2021

Arbitrary Code Execution in json-ptr
High severity: CVE-2020-7766 was published for json-ptr (npm) on May 10, 2021

Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
High severity: CVE-2022-31179 was published for shescape (npm) on Jul 15, 2022

Withdrawn: Octocat.js vulnerable to code injection
High severity: CVE-2022-39390 was published for octocat.js (npm) on Nov 8, 2022 (withdrawn)

Injection and Command Injection in devcert
High severity: CVE-2020-8186 was published for devcert (npm) on May 18, 2021

LDAP Injection in is-user-valid
High severity: CVE-2021-23335 was published for is-user-valid (npm) on Apr 13, 2021

Remote code execution via the `pretty` option.
High severity: CVE-2021-21353 was published for pug (npm) on Mar 3, 2021

Processing untrusted theming resources might execute arbitrary code (ACE)
High severity: CVE-2021-21316 was published for less-openui5 (npm) on Jan 29, 2021

Angular Expressions - Remote Code Execution
High severity: CVE-2021-21277 was published for angular-expressions (npm) on Feb 1, 2021

Denial of Service and Content Injection in i18n-node-angular
High severity: CVE-2016-10524 was published for i18n-node-angular (npm) on Feb 18, 2019

Parse Server crashes with query parameter
High severity: CVE-2021-39187 was published for parse-server (npm) on Sep 2, 2021

dustjs-linkedin vulnerable to Prototype Pollution
High severity: CVE-2021-4264 was published for dustjs-linkedin (npm) on Dec 21, 2022

Command injection in docker-tester
High severity: CVE-2021-34079 was published for docker-tester (npm) on Jun 3, 2022

Code injection via SVG file in convert-svg-core
High severity: CVE-2022-24429 was published for convert-svg-core (npm) on Jun 11, 2022

Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov
High severity: CVE-2020-7596 was published for codecov (npm) on May 24, 2022