GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
82 advisories
Filter by severity
HTTP Response Splitting in Styx
Moderate
CVE-2020-6858
was published
for
com.hotels.styx:styx-api
(Maven)
Mar 3, 2020
CSS Injection in Chartkick gem
Moderate
CVE-2020-16254
was published
for
chartkick
(RubyGems)
Aug 12, 2020
Authenticated remote code execution
Moderate
GHSA-pjj4-jjgc-h3r8
was published
for
shopware/platform
(Composer)
Mar 12, 2021
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Moderate
GHSA-35fr-h7jr-hh86
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 6, 2019
File upload local preview can run embedded scripts after user interaction
Moderate
GHSA-8796-gc9j-63rv
was published
for
matrix-react-sdk
(npm)
May 17, 2021
Injection in DeltaSpike
Moderate
CVE-2019-12416
was published
for
org.apache.deltaspike:deltaspike
(Maven)
Feb 10, 2022
Apache Superset vulnerable to Injection
Moderate
CVE-2022-43720
was published
for
apache-superset
(pip)
Jan 16, 2023
Injection in MockServer
Moderate
CVE-2021-32827
was published
for
org.mock-server:mockserver
(Maven)
Aug 30, 2021
Injection in Jenkins
Moderate
CVE-2018-1000193
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
http before 0.13.3 vulnerable to header injection
Moderate
CVE-2020-35669
was published
for
http
(Pub)
May 24, 2022
Improper Input Validation and Injection in Apache Log4j2
Moderate
CVE-2021-44832
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Jan 4, 2022
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
Moderate
CVE-2022-39217
was published
for
some-natalie/ghas-to-csv
(GitHub Actions)
Sep 16, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable
Moderate
CVE-2022-35954
was published
for
@actions/core
(npm)
Aug 18, 2022
Prototype Pollution in dot-object
Moderate
CVE-2019-10793
was published
for
dot-object
(npm)
Feb 9, 2022
Credentials bypass in Apache Druid
Moderate
CVE-2020-1958
was published
for
org.apache.druid:druid
(Maven)
Feb 9, 2022
Prototype Pollution in undefsafe
Moderate
CVE-2019-10795
was published
for
undefsafe
(npm)
Feb 9, 2022
Injection in Apache Archiva
Moderate
CVE-2020-9495
was published
for
org.apache.archiva:archiva
(Maven)
Feb 10, 2022
Header injection in nodemailer
Moderate
CVE-2021-23400
was published
for
nodemailer
(npm)
Dec 10, 2021
Improper file handling in matrix-react-sdk
Moderate
CVE-2021-32622
was published
for
matrix-react-sdk
(npm)
Feb 10, 2022
Command injection in Apache Flink
Moderate
CVE-2020-1960
was published
for
org.apache.flink:flink-core
(Maven)
May 21, 2021
Client-Side JavaScript Prototype Pollution in oro/platform
Moderate
CVE-2021-43852
was published
for
oro/platform
(Composer)
Jan 6, 2022
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Moderate
CVE-2022-35948
was published
for
undici
(npm)
Aug 18, 2022
Command injection in gh-ost
Moderate
CVE-2022-21687
was published
for
github.com/github/gh-ost
(Go)
Feb 1, 2022
ProTip!
Advisories are also available from the
GraphQL API