Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,198
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,902 advisories

Loading
There is a code injection vulnerability in smartphones. Successful exploitation of this... High Unreviewed
CVE-2021-22395 was published Feb 26, 2022
Template injection (Improper Neutralization of Special Elements Used in a Template Engine)... Moderate Unreviewed
CVE-2022-23810 was published Feb 25, 2022
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via... High Unreviewed
CVE-2022-24664 was published Feb 17, 2022
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via... High Unreviewed
CVE-2022-24663 was published Feb 17, 2022
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a... High Unreviewed
CVE-2022-24665 was published Feb 17, 2022
Gitea Remote Code Execution (RCE) Critical
CVE-2018-18926 was published for code.gitea.io/gitea (Go) Feb 15, 2022
Gitea Remote Code Execution High
CVE-2019-11229 was published for github.com/go-gitea/gitea (Go) Feb 15, 2022
Git LFS can execute a Git binary from the current directory on Windows High
CVE-2021-21237 was published for github.com/git-lfs/git-lfs (Go) Feb 15, 2022
Ry0taK
PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2022-23389 was published Feb 15, 2022
Apache Cassandra vulnerable to Code Injection due to unsafe configuration Critical
CVE-2021-44521 was published for org.apache.cassandra:cassandra-all (Maven) Feb 12, 2022
Insecure template handling in Express-handlebars High
CVE-2021-32820 was published for express-handlebars (npm) Feb 10, 2022
Code injection in Twig High
CVE-2022-23614 was published for twig/twig (Composer) Feb 10, 2022
Arbitrary Code Execution in Handlebars High
CVE-2019-20920 was published for handlebars (npm) Feb 10, 2022
Code Injection in jsen High
CVE-2020-7777 was published for jsen (npm) Feb 10, 2022
Remote code execution in Apache Struts Critical
CVE-2020-17530 was published for org.apache.struts:struts2-core (Maven) Feb 9, 2022
Prototype Pollution leading to Remote Code Execution in superjson Critical
CVE-2022-23631 was published for blitz (npm) Feb 9, 2022
paul-gerste-sonarsource
Remote code execution in Apache ActiveMQ Critical
CVE-2020-11998 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability... Critical Unreviewed
CVE-2021-44978 was published Feb 9, 2022
Joplin Vulnerable to Code Injection Critical
CVE-2022-23340 was published for joplin (npm) Feb 9, 2022
Code injection in ShenYu Critical
CVE-2021-45029 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
Withdrawn: Code Injection in loguru Low
CVE-2022-0329 was published for loguru (pip) Jan 28, 2022 withdrawn
Server Side Twig Template Injection Critical
CVE-2022-21686 was published for prestashop/prestashop (Composer) Jan 27, 2022
Brum3ns
Mustache remote code injection vulnerability High
CVE-2022-0323 was published for mustache/mustache (Composer) Jan 27, 2022
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit... High Unreviewed
CVE-2021-46117 was published Jan 27, 2022
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit... High Unreviewed
CVE-2021-46118 was published Jan 27, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database