Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts` Low
CVE-2024-52587 was published for step-security/harden-runner (GitHub Actions) Nov 18, 2024
woodruffw
A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the... Low Unreviewed
CVE-2024-8869 was published Sep 16, 2024
IPython vulnerable to command injection via set_term_title Low
CVE-2023-24816 was published for ipython (pip) Feb 10, 2023
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py... Low Unreviewed
CVE-2021-32556 was published May 24, 2022
Command injection in @diez/generation Low
CVE-2021-32830 was published for @diez/generation (npm) Sep 2, 2021
Command Injection in Limdu Low
CVE-2020-4066 was published for limdu (npm) Jun 22, 2020
Churro
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database