GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

70 advisories

Shescape vulnerable to insufficient escaping of whitespace Critical
CVE-2022-31180 was published for shescape (npm) Jul 15, 2022
kurt-r2c
Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD High
CVE-2022-31179 was published for shescape (npm) Jul 15, 2022
tdunlap607
Possible inject arbitrary `CSS` into the generated graph affecting the container HTML Moderate
CVE-2022-31108 was published for mermaid (npm) Jul 5, 2022
Code injection via SVG file in convert-svg-core High
CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
Server-Side Template Injection in formio Critical
CVE-2020-28246 was published for formio (npm) Jun 3, 2022
Command injection in docker-tester High
CVE-2021-34079 was published for docker-tester (npm) Jun 3, 2022
Node-Traceroute RCE Vulnerability Critical
CVE-2018-21268 was published for traceroute (npm) May 24, 2022
Clamscan vulnerable to command injection High
CVE-2020-7613 was published for clamscan (npm) May 24, 2022
component-flatten vulnerable to Prototype Pollution Moderate
CVE-2019-10794 was published for component-flatten (npm) May 24, 2022
Improper handling of multiline messages in node-irc affects matrix-appservice-irc High
CVE-2022-29166 was published for matrix-appservice-irc (npm) May 23, 2022
ejs template injection vulnerability Critical
CVE-2022-29078 was published for ejs (npm) Apr 26, 2022
Command injection in simple-git High
CVE-2022-24433 was published for simple-git (npm) Mar 12, 2022
Command injection in Parse Server through prototype pollution Critical
CVE-2022-24760 was published for parse-server (npm) Mar 11, 2022
yuske cristianstaicu
musard mtrezza
Command injection in git-parse High
CVE-2021-26543 was published for git-parse (npm) Feb 10, 2022
Improper file handling in matrix-react-sdk Moderate
CVE-2021-32622 was published for matrix-react-sdk (npm) Feb 10, 2022
Prototype Pollution in undefsafe Moderate
CVE-2019-10795 was published for undefsafe (npm) Feb 9, 2022
RDIL
Prototype Pollution in dot-object Moderate
CVE-2019-10793 was published for dot-object (npm) Feb 9, 2022
RDIL
Header injection in nodemailer Moderate
CVE-2021-23400 was published for nodemailer (npm) Dec 10, 2021
Command Injection in compass-compile Critical
CVE-2020-7635 was published for compass-compile (npm) Dec 9, 2021
RDIL
Risk of code injection High
CVE-2021-21278 was published for rsshub (npm) Oct 12, 2021
Parse Server crashes with query parameter High
CVE-2021-39187 was published for parse-server (npm) Sep 2, 2021
mstniy
Arbitrary Code Execution in json-ptr High
GHSA-rrqv-vjrw-hrcr was published for json-ptr (npm) May 26, 2021
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021