GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
95 advisories
Filter by severity
Code injection in MCMS
Critical
CVE-2022-30506
was published
for
net.mingsoft:ms-mcms
(Maven)
Jun 3, 2022
Server-Side Template Injection in formio
Critical
CVE-2020-28246
was published
for
formio
(npm)
Jun 3, 2022
Ansible Code Injection Vulnerability
Critical
CVE-2014-4678
was published
for
ansible
(pip)
May 24, 2022
Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection
Critical
CVE-2021-43350
was published
for
github.com/apache/trafficcontrol
(Go)
May 24, 2022
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
Critical
CVE-2021-3197
was published
for
salt
(pip)
May 24, 2022
Node-Traceroute RCE Vulnerability
Critical
CVE-2018-21268
was published
for
traceroute
(npm)
May 24, 2022
Fat-Free Framework arbitrary code execution
Critical
CVE-2020-5203
was published
for
bcosca/fatfree
(Composer)
May 24, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection
Critical
CVE-2020-9757
was published
for
nystudio107/craft-seomatic
(Composer)
May 24, 2022
LibreNMS Information Disclosure
Critical
CVE-2019-10665
was published
for
librenms/librenms
(Composer)
May 24, 2022
Ansible Arbitrary Code Execution
Critical
CVE-2014-4966
was published
for
ansible
(pip)
May 17, 2022
Ansible Arbitrary Code Execution
Critical
CVE-2014-4967
was published
for
ansible
(pip)
May 17, 2022
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical
CVE-2014-4172
was published
for
DotNetCasClient
(Composer)
May 17, 2022
CodeIgniter arbitrary code execution
Critical
CVE-2016-10131
was published
for
codeigniter4/framework
(Composer)
May 17, 2022
Injection in Apache NiFi
Critical
CVE-2017-5636
was published
for
org.apache.nifi:nifi
(Maven)
May 17, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy
Critical
CVE-2015-3253
was published
for
org.codehaus.groovy:groovy
(Maven)
May 13, 2022
Codiad remote code execution vulnerability
Critical
CVE-2018-14009
was published
for
codiad/codiad
(Composer)
May 13, 2022
RubyGem openshift-origin-controller is vulnerable to command injection
Critical
CVE-2013-2095
was published
for
openshift-origin-controller
(RubyGems)
May 5, 2022
ejs template injection vulnerability
Critical
CVE-2022-29078
was published
for
ejs
(npm)
Apr 26, 2022
Remote Code Execution in Spring Framework
Critical
CVE-2022-22965
was published
for
org.springframework.boot:spring-boot-starter-web
(Maven)
Mar 31, 2022
Command injection in libvcs and vcspull
Critical
CVE-2022-21187
was published
for
libvcs
(pip)
Mar 15, 2022
Command injection in Parse Server through prototype pollution
Critical
CVE-2022-24760
was published
for
parse-server
(npm)
Mar 11, 2022
Code injection in ezsystems/ezpublish-kernel
Critical
CVE-2022-25337
was published
for
ezsystems/ezpublish-kernel
(Composer)
Feb 19, 2022
Server Side Template Injection in MCMS
Critical
CVE-2021-46063
was published
for
net.mingsoft:ms-mcms
(Maven)
Feb 19, 2022
Injection and Improper Input Validation in Apache Unomi
Critical
CVE-2020-13942
was published
for
org.apache.unomi:unomi
(Maven)
Feb 10, 2022
Arbitrary expression injection in Pillow
Critical
CVE-2022-22817
was published
for
Pillow
(pip)
Jan 12, 2022
ProTip!
Advisories are also available from the
GraphQL API