GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,016 advisories

Remote code execution in mongo-express Critical
CVE-2020-24391 was published for mongodb-query-parser (npm) Apr 13, 2021
Command injection in spritesheet-js Critical
CVE-2020-7782 was published for spritesheet-js (npm) Apr 13, 2021
Prototype Pollution in asciitable.js Critical
CVE-2020-7771 was published for asciitable.js (npm) Apr 13, 2021
Arbitrary code execution in djv Critical
CVE-2020-28464 was published for djv (npm) Apr 13, 2021
Prototype pollution in set-object-value Critical
CVE-2020-28281 was published for set-object-value (npm) Apr 13, 2021
Prototype Pollution in multi-ini Critical
CVE-2020-28448 was published for multi-ini (npm) Apr 13, 2021
Command injection in corenlp-js-prefab Critical
CVE-2020-28439 was published for corenlp-js-prefab (npm) Apr 13, 2021
OS Command Injection in giting Critical
CVE-2019-10802 was published for giting (npm) Apr 13, 2021
Command injection in launchpad Critical
CVE-2021-23330 was published for launchpad (npm) Apr 13, 2021
Command Injection in nuance-gulp-build-common Critical
CVE-2020-28430 was published for nuance-gulp-build-common (npm) Apr 13, 2021 withdrawn
Command injection in eslint-fixer Critical
CVE-2021-26275 was published for eslint-fixer (npm) Apr 13, 2021
Server-Side Request Forgery in private-ip Critical
CVE-2020-28360 was published for private-ip (npm) Apr 13, 2021
Cross-site Scripting (XSS) in Eclipse Theia Critical
CVE-2020-27224 was published for @theia/preview (npm) Apr 13, 2021
Improper Input Validation in network-manager Critical
CVE-2019-10786 was published for network-manager (npm) Apr 13, 2021
Improper neutralization of arguments in freediskspace Critical
CVE-2020-7775 was published for freediskspace (npm) Apr 13, 2021
Command injection in gitlog Critical
CVE-2021-26541 was published for gitlog (npm) Apr 13, 2021
Command Injection in async-git Critical
CVE-2020-28490 was published for async-git (npm) Apr 12, 2021
Command Injection in macfromip Critical
CVE-2020-7786 was published for macfromip (npm) Apr 12, 2021
Prototype Pollution in set-or-get Critical
CVE-2021-25913 was published for set-or-get (npm) Apr 12, 2021
Client TLS credentials sent raw to server in npm package nats Critical
GHSA-prmc-5v5w-c465 was published for nats (npm) Apr 6, 2021
Command injection in fs-path Critical
CVE-2020-8298 was published for fs-path (npm) Mar 25, 2021
total.js Remote Code Execution Vulnerability Critical
CVE-2021-23344 was published for total.js (npm) Mar 19, 2021
Command injection in node-ps Critical
CVE-2020-7785 was published for node-ps (npm) Mar 19, 2021
Command Injection in ps-kill Critical
CVE-2021-23355 was published for ps-kill (npm) Mar 19, 2021
Code injection in kill-process-by-name Critical
CVE-2021-23356 was published for kill-process-by-name (npm) Mar 19, 2021
ProTip! Advisories are also available from the GraphQL API