Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

38 advisories

Loading
TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution High
CVE-2026-29186 was published for @backstage/plugin-techdocs-node (npm) Mar 5, 2026
Ghost Vulnerable to Remote Code Execution via Malicious Themes High
CVE-2026-29053 was published for ghost (npm) Mar 3, 2026
cristianstaicu Credited to cristianstaicu
Koa has Host Header Injection via ctx.hostname High
CVE-2026-27959 was published for koa (npm) Feb 26, 2026
p80n-sec Credited to p80n-sec
Storybook Dev Server is Vulnerable to WebSocket Hijacking High
CVE-2026-27148 was published for storybook (npm) Feb 26, 2026
Aikido-Security Credited to Aikido-Security, reindaelman, grumpinout1, and JorianWoltjer reindaelman reindaelman
grumpinout1 grumpinout1 JorianWoltjer JorianWoltjer
eBay API MCP Server Affected by Environment Variable Injection High
CVE-2026-27203 was published for ebay-mcp (npm) Feb 19, 2026
nedlir Credited to nedlir
MongoDB Shell may be susceptible to Control Character Injection via autocomplete High
CVE-2025-1691 was published for mongosh (npm) Feb 27, 2025
Flowise Path Injection at /api/v1/openai-assistants-file High
CVE-2024-36420 was published for flowise (npm) Aug 5, 2024
Ghost allows CSV Injection during member CSV export High
CVE-2024-34448 was published for @tryghost/members-csv (npm) May 22, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections High
CVE-2024-29896 was published for @kindspells/astro-shield (npm) Mar 29, 2024
castarco Credited to castarco
TurboBoost Commands vulnerable to arbitrary method invocation High
CVE-2024-28181 was published for @turbo-boost/commands (RubyGems) Mar 15, 2024
CouchAuth host header injection vulnerability leaks the password reset token High
CVE-2023-39655 was published for @perfood/couch-auth (npm) Jan 3, 2024
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function High
CVE-2023-26127 was published for n158 (npm) May 27, 2023
HTML injection in search results via plaintext message highlighting High
CVE-2023-30609 was published for matrix-react-sdk (npm) Apr 25, 2023
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
Withdrawn: Octocat.js vulnerable to code injection High
CVE-2022-39390 was published for octocat.js (npm) Nov 8, 2022 withdrawn
Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD High
CVE-2022-31179 was published for shescape (npm) Jul 15, 2022
tdunlap607 Credited to tdunlap607
Code injection via SVG file in convert-svg-core High
CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
Command injection in docker-tester High
CVE-2021-34079 was published for docker-tester (npm) Jun 3, 2022
Clamscan vulnerable to command injection High
CVE-2020-7613 was published for clamscan (npm) May 24, 2022
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov High
CVE-2020-7596 was published for codecov (npm) May 24, 2022
mmcshinsky-bitgo Credited to mmcshinsky-bitgo
Improper handling of multiline messages in node-irc affects matrix-appservice-irc High
CVE-2022-29166 was published for matrix-appservice-irc (npm) May 23, 2022
Improper handling of multiline messages in node-irc High
GHSA-52rh-5rpj-c3w6 was published for matrix-org-irc (npm) May 5, 2022
kurt-r2c Credited to kurt-r2c and sunnypatell sunnypatell sunnypatell
Command injection in simple-git High
CVE-2022-24433 was published for simple-git (npm) Mar 12, 2022
Command injection in git-parse High
CVE-2021-26543 was published for git-parse (npm) Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database