Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

63 advisories

Loading
Arbitrary command execution on Windows via qutebrowserurl: URL handler High
CVE-2021-41146 was published for qutebrowser (pip) Oct 22, 2021
Remote command injection when using sendmail email transport Moderate
GHSA-wfrj-qqc2-83cm was published for ghost (npm) Sep 20, 2021
tdunlap607
Credited to tdunlap607
Header injection possible in Django Moderate
CVE-2021-32052 was published for Django (pip) Jun 9, 2021
Dragonfly contains remote code execution vulnerability Critical
CVE-2021-33564 was published for dragonfly (RubyGems) Jun 2, 2021
Command injection in nodemailer Critical
CVE-2020-7769 was published for nodemailer (npm) May 10, 2021
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial High
CVE-2021-29472 was published for composer/composer (Composer) Apr 29, 2021
thomas-chauchefoin-sonarsource
Credited to thomas-chauchefoin-sonarsource
Null characters not escaped High
CVE-2021-21384 was published for shescape (npm) Mar 18, 2021
Remote code execution in PHPMailer Critical
CVE-2016-10033 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Argument injection in a MimeTypeGuesser in Symfony High
CVE-2019-18888 was published for symfony/http-foundation (Composer) Dec 2, 2019
Prototype Pollution in mixin-deep Critical
CVE-2019-10746 was published for mixin-deep (npm) Aug 27, 2019
Argument Injection in Apache Geode server Moderate
CVE-2017-15694 was published for org.apache.geode:geode-core (Maven) Jun 26, 2019
RubyGems Escape sequence injection vulnerability in verbose High
CVE-2019-8321 was published for rubygems-update (RubyGems) Jun 20, 2019
Arbitrary Code Execution in mathjs Critical
CVE-2017-1001003 was published for mathjs (npm) Dec 18, 2017
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database