GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
51 advisories
Filter by severity
espeak-ruby allows arbitrary command execution
Critical
CVE-2016-10193
was published
for
espeak-ruby
(RubyGems)
Oct 24, 2017
Directory traversal vulnerability in RubyZip
Critical
CVE-2017-5946
was published
for
rubyzip
(RubyGems)
Oct 24, 2017
pysaml2 Improper Authentication vulnerability
Critical
CVE-2017-1000433
was published
for
pysaml2
(pip)
Jul 13, 2018
Code Execution Through IIFE in serialize-to-js
Critical
CVE-2017-5954
was published
for
serialize-to-js
(npm)
Jul 18, 2018
Command Injection in egg-scripts
Critical
CVE-2018-3786
was published
for
egg-scripts
(npm)
Sep 17, 2018
Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location
Critical
CVE-2018-12542
was published
for
io.vertx:vertx-web
(Maven)
Oct 17, 2018
Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication
Critical
CVE-2018-18389
was published
for
org.neo4j:neo4j-enterprise
(Maven)
Oct 17, 2018
mysql-bunuuid-rails vulnerable to SQL injection
Critical
CVE-2018-18476
was published
for
mysql-binuuid-rails
(RubyGems)
Oct 30, 2018
Command Injection in command-exists
Critical
GHSA-cff4-rrq6-h78w
was published
for
command-exists
(npm)
Jun 3, 2019
Nokogiri Command Injection Vulnerability
Critical
CVE-2019-5477
was published
for
nokogiri
(RubyGems)
Aug 19, 2019
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Critical
CVE-2020-11059
was published
for
aegir
(npm)
May 27, 2020
Remote Code Execution in SyliusResourceBundle
Critical
CVE-2020-15146
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
SQL Injection via GeoJSON in sequelize
Critical
CVE-2016-1000225
was published
for
sequelize
(npm)
Sep 1, 2020
Cross-Site Scripting in swagger-ui
Critical
GHSA-g336-c7wv-8hp3
was published
for
swagger-ui
(npm)
Sep 1, 2020
Prototype Pollution in asciitable.js
Critical
CVE-2020-7771
was published
for
asciitable.js
(npm)
Apr 13, 2021
Improper Input Validation in PyYAML
Critical
CVE-2020-1747
was published
for
pyyaml
(pip)
Apr 20, 2021
Heap overflow or corruption in safe-transmute
Critical
CVE-2018-21000
was published
for
safe-transmute
(Rust)
Aug 25, 2021
Deserializing an array can free uninitialized memory in byte_struct
Critical
CVE-2021-28033
was published
for
byte_struct
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API