GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
22 advisories
Filter by severity
Failure to sanitize quotes which can lead to sql injection in squel
Critical
GHSA-4qhx-g9wp-g9m6
was published
for
squel
(npm)
Jun 14, 2019
Potential Command Injection in hubot-scripts
Critical
CVE-2013-7378
was published
for
hubot-scripts
(npm)
Aug 31, 2020
Command injection in Parse Server through prototype pollution
Critical
CVE-2022-24760
was published
for
parse-server
(npm)
Mar 11, 2022
cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch
Critical
CVE-2022-36084
was published
for
cruddl
(npm)
Sep 16, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Critical
CVE-2020-36618
was published
for
whois
(npm)
Dec 19, 2022
ejs template injection vulnerability
Critical
CVE-2022-29078
was published
for
ejs
(npm)
Apr 26, 2022
Shescape vulnerable to insufficient escaping of whitespace
Critical
CVE-2022-31180
was published
for
shescape
(npm)
Jul 15, 2022
Valine code injection vulnerability
Critical
CVE-2022-38545
was published
for
valine
(npm)
Sep 20, 2022
Command injection in samba-client
Critical
CVE-2021-27185
was published
for
samba-client
(npm)
Feb 11, 2021
Command Injection in macfromip
Critical
CVE-2020-7786
was published
for
macfromip
(npm)
Apr 12, 2021
Command injection in spritesheet-js
Critical
CVE-2020-7782
was published
for
spritesheet-js
(npm)
Apr 13, 2021
Command Injection in compass-compile
Critical
CVE-2020-7635
was published
for
compass-compile
(npm)
Dec 9, 2021
@keystone-6/core's NODE_ENV defaults to development with esbuild
Critical
CVE-2022-39382
was published
for
@keystone-6/core
(npm)
Nov 3, 2022
Potential Command Injection in libnotify
Critical
CVE-2013-7381
was published
for
libnotify
(npm)
Aug 31, 2020
Node-Traceroute RCE Vulnerability
Critical
CVE-2018-21268
was published
for
traceroute
(npm)
May 24, 2022
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Critical
CVE-2023-22621
was published
for
@strapi/plugin-email
(npm)
Apr 19, 2023
Prototype Pollution in handlebars
Critical
CVE-2019-19919
was published
for
bootstrap-wysihtml5-rails
(RubyGems)
Dec 26, 2019
npm package rfc6902 vulnerable to Prototype Pollution
Critical
CVE-2021-4245
was published
for
rfc6902
(npm)
Dec 15, 2022
Server crashes on invalid Cloud Function or Cloud Job name
Critical
CVE-2024-29027
was published
for
parse-server
(npm)
Mar 19, 2024
Server-Side Template Injection in formio
Critical
CVE-2020-28246
was published
for
formio
(npm)
Jun 3, 2022
ProTip!
Advisories are also available from the
GraphQL API