Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,781
NuGet
681
pip
3,460
Pub
12
RubyGems
893
Rust
891
Swift
38
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Loading
Incomplete fix for Apache Log4j vulnerability Critical
CVE-2021-45046 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 14, 2021
mrjonstrong afdesk
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
Expression Language Injection in Apache Syncope Critical
CVE-2020-1959 was published for org.apache.syncope:syncope-core (Maven) Jun 16, 2021
Remote Code Execution in SyliusResourceBundle Critical
CVE-2020-15146 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database