GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,015 advisories

Open Redirect in url-parse Critical
CVE-2018-3774 was published for url-parse (npm) Aug 13, 2018
Sandbox Breakout in safe-eval Critical
CVE-2017-16088 was published for safe-eval (npm) Jul 18, 2018
OS Command Injection in docker-compose-remote-api Critical
CVE-2020-7606 was published for docker-compose-remote-api (npm) May 7, 2021
SQL Injection in sequelize Critical
CVE-2019-10752 was published for sequelize (npm) Oct 25, 2019
Sandbox Breakout / Arbitrary Code Execution in safe-eval Critical
CVE-2020-7710 was published for safe-eval (npm) Aug 25, 2020
npm-script-demo is malware Critical
CVE-2017-16128 was published for npm-script-demo (npm) Sep 1, 2020
XSS in hello.js Critical
CVE-2020-7741 was published for hellojs (npm) Jan 13, 2021
Remote Code Execution in scratch-vm Critical
CVE-2020-14000 was published for scratch-vm (npm) Jul 27, 2020
Prototype Pollution in node.extend Critical
CVE-2018-16491 was published for node.extend (npm) Feb 7, 2019
Code Injection in cryo Critical
CVE-2018-3784 was published for cryo (npm) Aug 21, 2018
Arbitrary Code Execution in mathjs Critical
CVE-2017-1001003 was published for mathjs (npm) Dec 18, 2017
Prototype Pollution in merge-recursive Critical
CVE-2018-3751 was published for merge-recursive (npm) Sep 18, 2018
Denial of Service in memjs Critical
CVE-2018-3767 was published for memjs (npm) Oct 10, 2018
Remote code execution in mongo-express Critical
CVE-2020-24391 was published for mongodb-query-parser (npm) Apr 13, 2021
Code Injection in morgan Critical
CVE-2019-5413 was published for morgan (npm) Mar 25, 2019
Prototype Pollution in defaults-deep Critical
CVE-2018-16486 was published for defaults-deep (npm) Feb 7, 2019
Command Injection in whereis Critical
CVE-2018-3772 was published for whereis (npm) Jul 31, 2018
OS Command Injection in giting Critical
CVE-2019-10802 was published for giting (npm) Apr 13, 2021
OS Command Injection in node-prompt-here Critical
CVE-2020-7602 was published for node-prompt-here (npm) May 7, 2021
Chromium Remote Code Execution in electron Critical
CVE-2017-16151 was published for electron (npm) Jul 24, 2018
Authorization bypass in Strapi Critical
CVE-2020-27664 was published for strapi (npm) May 10, 2021
Command Injection in apex-publish-static-files Critical
CVE-2018-16462 was published for apex-publish-static-files (npm) Nov 1, 2018
set-getter Prototype Pollution Vulnerability Critical
CVE-2021-25949 was published for set-getter (npm) Jun 21, 2021
total.js Remote Code Execution Vulnerability Critical
CVE-2021-23344 was published for total.js (npm) Mar 19, 2021
OS Command Injection in heroku-addonpool Critical
CVE-2020-7634 was published for heroku-addonpool (npm) Dec 9, 2021