GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
14 advisories

| Advisory | Severity | Identifier | Package (ecosystem) | Published |
|---|---|---|---|---|
| API token verification can be bypassed in NodeBB | Critical | CVE-2021-43786 | nodebb (npm) | Nov 30, 2021 |
| XSS via prototype pollution in NodeBB | Critical | CVE-2021-43787 | nodebb (npm) | Nov 30, 2021 |
| NodeBB vulnerable to path traversal in translator module | Moderate | CVE-2021-43788 | nodebb (npm) | Nov 30, 2021 |
| Poetry vulnerable to Untrusted Search Path leading to Local Code Execution on Windows | High | CVE-2022-36070 | poetry (pip) | Oct 11, 2022 |
| Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile | Moderate | CVE-2021-43809 | bundler (RubyGems) | Dec 8, 2021 |
| Prototype Pollution leading to Remote Code Execution in superjson | Critical | CVE-2022-23631 | blitz (npm) | Feb 9, 2022 |
| Improper escaping of command arguments on Windows leading to command injection | High | CVE-2021-41116 | composer/composer (Composer) | Oct 5, 2021 |
| org.postgresql:postgresql vulnerable to SQL Injection via line comment generation | Critical | CVE-2024-1597 | org.postgresql:postgresql (Maven) | Feb 21, 2024 |
| Amazon JDBC Driver for Redshift SQL Injection via line comment generation | Critical | CVE-2024-32888 | com.amazon.redshift:redshift-jdbc42 (Maven) | May 15, 2024 |
| pgx SQL Injection via Line Comment Creation | High | CVE-2024-27289 | github.com/jackc/pgx (Go) | Mar 4, 2024 |
| pgproto3 SQL Injection via Protocol Message Size Overflow | High | GHSA-7jwh-3vrq-q3m8 | github.com/jackc/pgproto3 (Go) | Mar 4, 2024 |
| Poetry Argument Injection can lead to Local Code Execution | High | CVE-2022-36069 | poetry (pip) | Sep 16, 2022 |
| Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow | High | CVE-2024-32655 | Npgsql (NuGet) | May 9, 2024 |
| pgx SQL Injection via Protocol Message Size Overflow | High | CVE-2024-27304 | github.com/jackc/pgx (Go) | Mar 4, 2024 |
Advisories are also available from the GraphQL API.