Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,361
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,794
NuGet
685
pip
3,473
Pub
12
RubyGems
895
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,120 advisories

Loading
django_make_app is vulnerable to Code Injection Critical
CVE-2017-16764 was published for django_make_app (pip) Jul 13, 2018
Code injection in ansible High
CVE-2017-2809 was published for ansible-vault (pip) Jul 13, 2018
Eve allows execution of arbitrary code Critical
CVE-2018-8097 was published for eve (pip) Jul 12, 2018
Growl before 1.10.0 vulnerable to Command Injection Critical
CVE-2017-16042 was published for growl (npm) Jun 8, 2018
Arbitrary Code Injection in reduce-css-calc Critical
CVE-2016-10548 was published for reduce-css-calc (npm) Jun 7, 2018
Arbitrary Code Execution in mathjs Critical
CVE-2017-1001002 was published for mathjs (npm) Dec 18, 2017
actionpack CRLF injection vulnerability Moderate
CVE-2011-3186 was published for actionpack (RubyGems) Oct 24, 2017
Ruby on Rails vulnerable to code injection High
CVE-2006-4111 was published for rails (RubyGems) Oct 24, 2017
Dragonfly Code Injection vulnerability High
CVE-2013-1756 was published for dragonfly (RubyGems) Oct 24, 2017
fastreader Gem for Ruby URI Handling Arbitrary Command Injection High
CVE-2013-2615 was published for fastreader (RubyGems) Oct 24, 2017
Thumbshooter vulnerable to Code Injection High
CVE-2013-1898 was published for thumbshooter (RubyGems) Oct 24, 2017
Curl Gem insufficient URL escaping command injection High
CVE-2013-2617 was published for curl (RubyGems) Oct 24, 2017
rgpg Code Injection vulnerability High
CVE-2013-4203 was published for rgpg (RubyGems) Oct 24, 2017
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection High
CVE-2013-2616 was published for mini_magick (RubyGems) Oct 24, 2017
Sounder Contains Arbitrary Command Execution Vulnerability High
CVE-2013-5647 was published for sounder (RubyGems) Oct 24, 2017
Shell command injection in command_wrap High
CVE-2013-1875 was published for command_wrap (RubyGems) Oct 24, 2017
Potential for Script Injection in syntax-error High
CVE-2014-7192 was published for syntax-error (npm) Oct 24, 2017
RDIL
Arbitrary JavaScript Execution in bassmaster Critical
CVE-2014-7205 was published for bassmaster (npm) Oct 24, 2017
sprout Arbitrary Code Execution vulnerability High
CVE-2013-6421 was published for sprout (RubyGems) Oct 24, 2017
Webbynode Code Injection vulnerability High
CVE-2013-7086 was published for webbynode (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database