Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

68 advisories

Loading
actionpack CRLF injection vulnerability Moderate
CVE-2011-3186 was published for actionpack (RubyGems) Oct 24, 2017
Arbitrary Code Injection in mobile-icon-resizer Moderate
GHSA-mxjr-xmcg-fg7w was published for mobile-icon-resizer (npm) Jun 27, 2019
Object injection in cookie driver in phpfastcache Moderate
CVE-2019-16774 was published for phpfastcache/phpfastcache (Composer) Dec 12, 2019
Geolim4
Template Injection in jsrender Moderate
CVE-2016-3942 was published for jsrender (npm) Sep 1, 2020
Arbitrary Code Execution in blazar-dashboard Moderate
CVE-2020-26943 was published for blazar-dashboard (pip) Oct 27, 2020
Code Injection in mquery Moderate
CVE-2020-35149 was published for mquery (npm) Dec 18, 2020
XStream is vulnerable to a Remote Command Execution attack Moderate
CVE-2021-21345 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Insecure template handling in express-hbs Moderate
CVE-2021-32817 was published for express-hbs (npm) May 17, 2021
richardfan0606
Denial of service in Valine Moderate
CVE-2021-34801 was published for valine (npm) Jun 21, 2021
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality Moderate
CVE-2021-32809 was published for ckeditor4 (npm) Aug 23, 2021
PHP file inclusion via insert tags Moderate
CVE-2021-37626 was published for contao/contao (Composer) Aug 23, 2021
ausi
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs Moderate
CVE-2021-32822 was published for hbs (npm) Sep 2, 2021
Code Injection in SLO Generator Moderate
CVE-2021-22557 was published for slo-generator (pip) Oct 5, 2021
Code injection via unsafe YAML loading Moderate
CVE-2021-43811 was published for sockeye (pip) Dec 9, 2021
Code injection in npm git Moderate
CVE-2021-23632 was published for git (npm) Mar 18, 2022
Mortbay Jetty CRLF Injection Vulnerability Moderate
CVE-2007-5615 was published for org.mortbay.jetty:jetty (Maven) May 1, 2022
Robocode Arbitrary Code Execution Moderate
CVE-2007-6382 was published for net.sf.robocode:robocode.core (Maven) May 1, 2022
Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers Moderate
CVE-2009-0668 was published for ZODB3 (pip) May 2, 2022
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode Moderate
CVE-2012-0394 was published for org.apache.struts.xwork:xwork-core (Maven) May 4, 2022
sunSUNQ MarkLee131
Improper Control of Generation of Code in Apache Kafka Moderate
CVE-2018-1288 was published for org.apache.kafka:kafka (Maven) May 13, 2022
Moodle Authenticated Spelling Binary Remote Code Execution Moderate
CVE-2013-3630 was published for moodle/moodle (Composer) May 13, 2022
Securimage HTML Injection Moderate
CVE-2017-14077 was published for dapphp/securimage (Composer) May 13, 2022
Apache Tomcat Unrestricted file upload vulnerability Moderate
CVE-2013-4444 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
Moodle remote code execution via quiz questions Moderate
CVE-2014-3545 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Improper Control of Generation of Code in Apache Camel Moderate
CVE-2013-4330 was published for org.apache.camel:camel-core (Maven) May 13, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API