GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,934 advisories
Filter by severity
Potential Command Injection in shell-quote
Critical
CVE-2016-10541
was published
for
shell-quote
(npm)
Feb 18, 2019
xterm vulnerable to remote code execution
High
CVE-2019-0542
was published
for
xterm
(npm)
Jan 14, 2019
sqla-yaml-fixtures is vulnerable to Code Injection
High
CVE-2019-3575
was published
for
sqla-yaml-fixtures
(pip)
Jan 4, 2019
Code injection in Danijar Definitions
High
CVE-2018-20325
was published
for
definitions
(pip)
Dec 26, 2018
Spring Security OAuth vulnerable to remote code execution (RCE)
Critical
CVE-2018-1260
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 18, 2018
Improperly Implemented Security Check for Standard in org.springframework:spring-core
Critical
CVE-2018-1275
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Spring Framework allows applications to expose STOMP over WebSocket endpoints
Critical
CVE-2018-1270
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Spring Data Commons remote code injection vulnerability
Critical
CVE-2018-1273
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
Arbitrary Code Injection in pouchdb
Critical
CVE-2016-10546
was published
for
pouchdb
(npm)
Jul 26, 2018
Chromium Remote Code Execution in electron
Critical
CVE-2017-16151
was published
for
electron
(npm)
Jul 24, 2018
django_make_app is vulnerable to Code Injection
Critical
CVE-2017-16764
was published
for
django_make_app
(pip)
Jul 13, 2018
Eve allows execution of arbitrary code
Critical
CVE-2018-8097
was published
for
eve
(pip)
Jul 12, 2018
Growl before 1.10.0 vulnerable to Command Injection
Critical
CVE-2017-16042
was published
for
growl
(npm)
Jun 8, 2018
Arbitrary Code Injection in reduce-css-calc
Critical
CVE-2016-10548
was published
for
reduce-css-calc
(npm)
Jun 7, 2018
Arbitrary Code Execution in mathjs
Critical
CVE-2017-1001002
was published
for
mathjs
(npm)
Dec 18, 2017
Ruby on Rails vulnerable to code injection
High
CVE-2006-4111
was published
for
rails
(RubyGems)
Oct 24, 2017
actionpack CRLF injection vulnerability
Moderate
CVE-2011-3186
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Dragonfly Code Injection vulnerability
High
CVE-2013-1756
was published
for
dragonfly
(RubyGems)
Oct 24, 2017
Curl Gem insufficient URL escaping command injection
High
CVE-2013-2617
was published
for
curl
(RubyGems)
Oct 24, 2017
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
High
CVE-2013-2616
was published
for
mini_magick
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API