Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
LibreNMS Information Disclosure Critical
CVE-2019-10665 was published for librenms/librenms (Composer) May 24, 2022
EMSeek Credited to EMSeek
@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses Critical
CVE-2026-25641 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
cristianstaicu Credited to cristianstaicu
@nyariv/sandboxjs has a Sandbox Escape vulnerability Critical
CVE-2026-25587 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
c0rydoras Credited to c0rydoras
@nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution Critical
CVE-2026-25586 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
sofianeelhor Credited to sofianeelhor
@nyariv/sandboxjs has a Sandbox Escape issue Critical
CVE-2026-25520 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
c0rydoras Credited to c0rydoras
Fleet has SAML authentication vulnerability due to improper SAML response validation Critical
CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) Mar 6, 2025
hakivvi Credited to hakivvi, lucasmrod, getvictor, rh-colbymorgan, and jeffssh lucasmrod lucasmrod
getvictor getvictor rh-colbymorgan rh-colbymorgan jeffssh jeffssh
Code injection in Apache Struts Critical
CVE-2013-2251 was published for org.apache.struts:struts2-core (Maven) May 13, 2022
sunSUNQ Credited to sunSUNQ
Remote Code Execution in Spring Framework Critical
CVE-2022-22965 was published for org.springframework.boot:spring-boot-starter-web (Maven) Mar 31, 2022
rotilho Credited to rotilho, cdupuis, and briandealwis cdupuis cdupuis
briandealwis briandealwis
CodeIgniter arbitrary code execution Critical
CVE-2016-10131 was published for bcit-ci/codeigniter (Composer) May 17, 2022
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header Critical
GHSA-c2p2-hgjg-9r3f was published for islandora/crayfish (Composer) Feb 12, 2025
xbow-security Credited to xbow-security
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
Langchain SQL Injection vulnerability Critical
CVE-2023-32785 was published for langchain (pip) Oct 21, 2023
bertuxdeveloper Credited to bertuxdeveloper
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument Critical
CVE-2021-3197 was published for salt (pip) May 24, 2022
pwntools Server-Side Template Injection (SSTI) vulnerability Critical
CVE-2020-28468 was published for pwntools (pip) Apr 20, 2021
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy Critical
CVE-2015-3253 was published for org.codehaus.groovy:groovy (Maven) May 13, 2022
SebGondron Credited to SebGondron
Arbitrary expression injection in Pillow Critical
CVE-2022-22817 was published for Pillow (pip) Jan 12, 2022
G-Rath Credited to G-Rath
Searchor CLI's Search vulnerable to Arbitrary Code using Eval Critical
CVE-2023-43364 was published for searchor (pip) Sep 25, 2023
llama-index vulnerable to arbitrary code execution Critical
CVE-2023-39662 was published for llama-index (pip) Aug 15, 2023
KaliforniaShell Credited to KaliforniaShell
LangChain vulnerable to code injection Critical
CVE-2023-29374 was published for langchain (pip) Apr 5, 2023
Command injection in libvcs and vcspull Critical
CVE-2022-21187 was published for libvcs (pip) Mar 15, 2022
tony Credited to tony
LangChain vulnerable to arbitrary code execution Critical
CVE-2023-38896 was published for langchain (pip) Aug 15, 2023
LangChain vulnerable to arbitrary code execution Critical
CVE-2023-39659 was published for langchain (pip) Aug 15, 2023
eyurtsev Credited to eyurtsev
DataEase's H2 datasource has a remote command execution risk Critical
CVE-2024-46997 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj Credited to flylzj
Command injection in Gerapy Critical
CVE-2020-7698 was published for gerapy (pip) May 6, 2021
Ansible Code Injection Vulnerability Critical
CVE-2014-4678 was published for ansible (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database