GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
320 advisories
Filter by severity
Command Injection in Xstream
Critical
CVE-2013-7285
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 29, 2019
Use of Insufficiently Random Values in Railties Allows Remote Code Execution
Critical
CVE-2019-5420
was published
for
railties
(RubyGems)
Mar 13, 2019
Critical severity vulnerability that affects Haraka
Critical
CVE-2016-1000282
was published
for
Haraka
(npm)
Feb 12, 2019
Command Injection in apex-publish-static-files
Critical
CVE-2018-16462
was published
for
apex-publish-static-files
(npm)
Nov 1, 2018
Ansible fails to properly sanitize fact variables sent from the Ansible controller
Critical
CVE-2016-8628
was published
for
ansible
(pip)
Oct 10, 2018
Command Injection in egg-scripts
Critical
CVE-2018-3786
was published
for
egg-scripts
(npm)
Sep 17, 2018
Git-fastclone passes user modifiable strings directly to a shell command
Critical
CVE-2015-8969
was published
for
git-fastclone
(RubyGems)
Aug 15, 2018
git-fastclone permits arbitrary shell command execution from .gitmodules
High
CVE-2015-8968
was published
for
git-fastclone
(RubyGems)
Aug 15, 2018
active-support impersonates 'activesupport' gem
Critical
CVE-2018-3779
was published
for
active-support
(RubyGems)
Aug 13, 2018
Potential Command Injection in printer
Critical
CVE-2014-3741
was published
for
printer
(npm)
Nov 28, 2017
Potential Command Injection in codem-transcode
High
CVE-2013-7377
was published
for
codem-transcode
(npm)
Nov 28, 2017
sfpagent Command Injection vulnerability
High
CVE-2014-2888
was published
for
sfpagent
(RubyGems)
Oct 24, 2017
dns-sync command injection vulnerability
Critical
CVE-2014-9682
was published
for
dns-sync
(npm)
Oct 24, 2017
colorscore Command Injection vulnerability
Critical
CVE-2015-7541
was published
for
colorscore
(RubyGems)
Oct 24, 2017
festivaltts4r allows arbitrary command execution
Critical
CVE-2016-10194
was published
for
festivaltts4r
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API