Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,822
Erlang
36
GitHub Actions
32
Go
2,413
Maven
5,000+
npm
4,052
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

944 advisories

Loading
Web Media Extensions Remote Code Execution Vulnerability Critical Unreviewed
CVE-2021-43214 was published Dec 16, 2021
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a... Critical Unreviewed
CVE-2022-26198 was published Mar 28, 2022
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload... Critical Unreviewed
CVE-2022-26255 was published Mar 29, 2022
Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE)... Critical Unreviewed
CVE-2022-26205 was published Mar 28, 2022
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute... Critical Unreviewed
CVE-2022-26272 was published Mar 26, 2022
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. Critical Unreviewed
CVE-2022-25578 was published Mar 20, 2022
A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to... Critical Unreviewed
CVE-2022-26174 was published Mar 23, 2022
Embedded Malicious Code in node-ipc Critical
CVE-2022-23812 was published for node-ipc (npm) Mar 16, 2022
Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina Critical
CVE-2023-23619 was published for @asyncapi/modelina (npm) Sep 21, 2021
jonaslagoni
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views Critical
CVE-2023-22731 was published for shopware/core (Composer) Jan 17, 2023
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be... Critical Unreviewed
CVE-2022-4060 was published Jan 16, 2023
Growl before 1.10.0 vulnerable to Command Injection Critical
CVE-2017-16042 was published for growl (npm) Jun 8, 2018
Code injection in nobelprizeparser Critical
GHSA-4wv4-mgfq-598v was published for nobelprizeparser (npm) Mar 12, 2021
Arbitrary Code Execution in mathjs Critical
CVE-2017-1001002 was published for mathjs (npm) Dec 18, 2017
Command Injection in dns-sync Critical
CVE-2017-16100 was published for dns-sync (npm) Jul 18, 2018
Arbitrary Code Injection in pouchdb Critical
CVE-2016-10546 was published for pouchdb (npm) Jul 26, 2018
Arbitrary Code Injection in reduce-css-calc Critical
CVE-2016-10548 was published for reduce-css-calc (npm) Jun 7, 2018
Arbitrary JavaScript Execution in bassmaster Critical
CVE-2014-7205 was published for bassmaster (npm) Oct 24, 2017
Command Injection in hot-formula-parser Critical
CVE-2020-6836 was published for hot-formula-parser (npm) May 6, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database