GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

Potential Actions command injection in output filenames (GHSL-2023-275) High
CVE-2023-52137 was published for tj-actions/verify-changed-files (GitHub Actions) Jan 2, 2024
jorgectf jsoref
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271) High
CVE-2023-51664 was published for tj-actions/changed-files (GitHub Actions) Jan 2, 2024
jorgectf jsoref
Actions expression injection in `filter-test-configs` (`GHSL-2023-181`) Moderate
GHSA-hw6r-g8gj-2987 was published for https://github.com/pytorch/pytorch/.github/actions/filter-test-configs (GitHub Actions) Aug 30, 2023
jorgectf
Arbitrary command injection in embano1/wip High
CVE-2023-30623 was published for embano1/wip (GitHub Actions) Apr 24, 2023
R3x
Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower Low
CVE-2023-23939 was published for Azure/setup-kubectl (GitHub Actions) Mar 7, 2023
run-terraform allows for RCE via terraform plan High
CVE-2022-39326 was published for kartverket/github-workflows (GitHub Actions) Oct 19, 2022
eliihen
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File Moderate
CVE-2022-39217 was published for some-natalie/ghas-to-csv (GitHub Actions) Sep 16, 2022
aegilops some-natalie