GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an...
Critical
Unreviewed
CVE-2019-12148
was published
May 24, 2022
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to...
Critical
Unreviewed
CVE-2017-14591
was published
May 17, 2022
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial...
Critical
Unreviewed
CVE-2018-13385
was published
May 13, 2022
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x...
Critical
Unreviewed
CVE-2018-17456
was published
May 13, 2022
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program...
Critical
Unreviewed
CVE-2018-10992
was published
May 13, 2022
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by...
Critical
Unreviewed
CVE-2019-3463
was published
May 13, 2022
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung...
Critical
Unreviewed
CVE-2018-3856
was published
May 13, 2022
Argument injection in python-libnmap
Critical
CVE-2022-30284
was published
for
python-libnmap
(pip)
May 6, 2022
Command injection in git-interface
Critical
CVE-2022-1440
was published
for
git-interface
(npm)
Apr 23, 2022
Command Injection Vulnerability with Mercurial in VCS
Critical
CVE-2022-21235
was published
for
github.com/Masterminds/vcs
(Go)
Apr 1, 2022
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule
Critical
Unreviewed
CVE-2021-43736
was published
Mar 24, 2022
Arbitrary code execution in H2 Console
Critical
CVE-2022-23221
was published
for
com.h2database:h2
(Maven)
Jan 21, 2022
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Critical
CVE-2021-21386
was published
for
APKLeaks
(pip)
Jan 21, 2022
Dragonfly contains remote code execution vulnerability
Critical
CVE-2021-33564
was published
for
dragonfly
(RubyGems)
Jun 2, 2021
Command injection in nodemailer
Critical
CVE-2020-7769
was published
for
nodemailer
(npm)
May 10, 2021
Prototype Pollution in mixin-deep
Critical
CVE-2019-10746
was published
for
mixin-deep
(npm)
Aug 27, 2019
Arbitrary Code Execution in mathjs
Critical
CVE-2017-1001003
was published
for
mathjs
(npm)
Dec 18, 2017
ProTip!
Advisories are also available from the
GraphQL API