GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,253
Composer 3,944
Erlang 29
GitHub Actions 16
Go 1,729
Maven 4,955
npm 3,489
NuGet 607
pip 3,056
Pub 10
RubyGems 832
Rust 778
Swift 34

Unreviewed advisories

All unreviewed 219,666

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

4 advisories

Filter by severity

Sort by

Least recently updated

Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain High

CVE-2024-34069 was published for Werkzeug (pip) May 6, 2024

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Moderate

CVE-2024-34064 was published for Jinja2 (pip) May 6, 2024

yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581) High

CVE-2024-22423 was published for yt-dlp (pip) Apr 10, 2024

Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks Critical

CVE-2021-21386 was published for APKLeaks (pip) Jan 21, 2022

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

4 advisories