Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,802
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,007
Pub
10
RubyGems
830
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+

109 advisories

Code injection issue for java-spring-cloud-stream-template High
CVE-2021-37694 was published for @asyncapi/java-spring-cloud-stream-template (npm) Aug 25, 2021
jonaslagoni
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality Moderate
CVE-2021-32809 was published for ckeditor4 (npm) Aug 23, 2021
Denial of service in Valine Moderate
CVE-2021-34801 was published for valine (npm) Jun 21, 2021
Remote Command Execution in reg-keygen-git-hash-plugin High
CVE-2021-32673 was published for reg-keygen-git-hash-plugin (npm) Jun 8, 2021
progfay
Code Injection in node-extend Critical
CVE-2020-7673 was published for node-extend (npm) May 17, 2021
Improper Input Validation in access-policy Critical
CVE-2020-7674 was published for access-policy (npm) May 17, 2021
Code Injection in cd-messenger Critical
CVE-2020-7675 was published for cd-messenger (npm) May 17, 2021
Code Injection in mosc High
CVE-2020-7672 was published for mosc (npm) May 17, 2021
Insecure template handling in express-hbs Moderate
CVE-2021-32817 was published for express-hbs (npm) May 17, 2021
richardfan0606
Improper Input Validation and Code Injection in pdf-image High
CVE-2020-8132 was published for pdf-image (npm) May 10, 2021
Arbitrary Code Execution in shiba High
CVE-2020-7738 was published for shiba (npm) May 10, 2021
Code injection in blamer High
CVE-2020-8137 was published for blamer (npm) May 6, 2021
Withdrawn: Arbitrary Code Execution in static-eval Critical
CVE-2021-23334 was published for static-eval (npm) May 6, 2021 withdrawn
Arbitrary Code Execution in underscore Critical
CVE-2021-23358 was published for underscore (npm) May 6, 2021
rajuc075
Command Injection in lodash High
CVE-2021-23337 was published for lodash (npm) May 6, 2021
mitchell-codecov nitaiapiiro
ebickle
Remote code execution in handlebars when compiling templates Critical
CVE-2021-23369 was published for handlebars (Maven) May 6, 2021
westonsteimel
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection Critical
CVE-2020-28502 was published for xmlhttprequest (npm) May 4, 2021
Code Injection in oauth2-server High
CVE-2017-18924 was published for oauth2-server (npm) Apr 22, 2021
Arbitrary code execution in djv Critical
CVE-2020-28464 was published for djv (npm) Apr 13, 2021
Code Injection in script-manager High
CVE-2020-8129 was published for script-manager (npm) Apr 13, 2021
Prototype Pollution in decal High
CVE-2020-28450 was published for decal (npm) Apr 13, 2021
total.js Remote Code Execution Vulnerability Critical
CVE-2021-23344 was published for total.js (npm) Mar 19, 2021
Code injection in nobelprizeparser Critical
GHSA-4wv4-mgfq-598v was published for nobelprizeparser (npm) Mar 12, 2021
Angular Expressions - Remote Code Execution High
CVE-2021-21277 was published for angular-expressions (npm) Feb 1, 2021
Code Injection in mquery Moderate
CVE-2020-35149 was published for mquery (npm) Dec 18, 2020
ProTip! Advisories are also available from the GraphQL API