GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
73 advisories
Filter by severity
Drupal core contains a potential PHP Object Injection vulnerability
Low
CVE-2024-55636
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55637
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55638
was published
for
drupal/core
(Composer)
Dec 10, 2024
Prototype Pollution in the merge and clone helper methods
Moderate
CVE-2021-39227
was published
for
zrender
(npm)
Sep 20, 2021
Remote code execution in pytorch lightning
Critical
CVE-2024-5452
was published
for
lightning
(pip)
Jun 6, 2024
Remote Code Execution via Script (Python) objects under Python 3
High
CVE-2021-32811
was published
for
Zope
(pip)
Aug 5, 2021
Remote Code Execution via unsafe classes in otherwise permitted modules
Moderate
CVE-2021-32807
was published
for
AccessControl
(pip)
Aug 5, 2021
qcubed PHP object injection
Critical
CVE-2020-24914
was published
for
qcubed/qcubed
(Composer)
May 24, 2022
Class destructors causing side-effects when being unserialized in TYPO3 CMS
High
CVE-2020-11066
was published
for
typo3/cms
(Composer)
May 13, 2020
Phar object injection in PHPMailer
High
CVE-2018-19296
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Prototype Pollution in object-path
High
CVE-2021-3805
was published
for
object-path
(npm)
Sep 20, 2021
json-schema is vulnerable to Prototype Pollution
Critical
CVE-2021-3918
was published
for
json-schema
(npm)
Nov 19, 2021
Prototype Pollution in node-forge
High
CVE-2020-7720
was published
for
node-forge
(npm)
Sep 14, 2020
Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User
High
CVE-2023-32079
was published
for
github.com/gravitl/netmaker
(Go)
Aug 25, 2023
set-getter Prototype Pollution Vulnerability
Critical
CVE-2021-25949
was published
for
set-getter
(npm)
Jun 21, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs
High
CVE-2020-7679
was published
for
casperjs
(npm)
May 17, 2021
Deserialization of untrusted data in FasterXML jackson-databind
Critical
CVE-2019-14379
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Aug 1, 2019
Prototype Pollution in record-like-deep-assign
High
CVE-2021-23402
was published
for
record-like-deep-assign
(npm)
Dec 10, 2021
Prototype Pollution in irrelon-path and @irrelon/path
Critical
CVE-2020-7708
was published
for
@irrelon/path
(npm)
May 6, 2021
ProTip!
Advisories are also available from the
GraphQL API