Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,014 advisories

Loading
vm2 Sandbox Escape vulnerability Critical
CVE-2023-32314 was published for vm2 (npm) May 15, 2023
arkark
jsreport vulnerable to code injection Critical
CVE-2023-2583 was published for jsreport (npm) May 8, 2023
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution Critical
CVE-2023-36475 was published for parse-server (npm) Jun 30, 2023
dblythy mtrezza
Command Injection Vulnerability in find-exec Critical
CVE-2023-40582 was published for find-exec (npm) Aug 30, 2023
miguelafmonteiro
FUXA SQL Injection vulnerability Critical
CVE-2023-31719 was published for fuxa-server (npm) Sep 22, 2023
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin Critical
CVE-2023-22621 was published for @strapi/plugin-email (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly
appium-desktop OS Command Injection vulnerability Critical
CVE-2023-2479 was published for appium-desktop (npm) May 2, 2023
external-svg-loader Cross-site Scripting vulnerability Critical
CVE-2023-40013 was published for external-svg-loader (npm) Aug 14, 2023
r00tdaemon
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46133 was published for crypto-es (npm) Oct 25, 2023
Zemnmez
Duplicate Advisory: tree-kill vulnerable to remote code execution Critical
GHSA-mxq6-vrrr-ppmg was published for tree-kill (npm) May 24, 2022 withdrawn
yasinsd
Path traversal and code execution via prototype vulnerability Critical
CVE-2023-26045 was published for nodebb (npm) Jul 25, 2023
starinfar
vm2 Sandbox Escape vulnerability Critical
CVE-2023-37903 was published for vm2 (npm) Jul 13, 2023
leesh3288
tree-kit Prototype Pollution vulnerability Critical
CVE-2023-38894 was published for tree-kit (npm) Aug 17, 2023
MrSwitch hello.js vulnerable to prototype pollution Critical
CVE-2021-26505 was published for hellojs (npm) Aug 11, 2023
Remote code execution in broccoli-compass Critical
CVE-2023-27848 was published for broccoli-compass (npm) Apr 24, 2023
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA Critical
CVE-2023-33831 was published for @frangoteam/fuxa (npm) Sep 18, 2023
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution Critical
CVE-2023-39532 was published for ses (npm) Aug 9, 2023
corrideat
Remote code execution in dawnsparks-node-tesseract Critical
CVE-2023-29566 was published for dawnsparks-node-tesseract (npm) Apr 24, 2023
Potential leak of authentication data to 3rd parties Critical
CVE-2023-30846 was published for typed-rest-client (npm) Apr 27, 2023
yahavi JLLeitschuh
@nuxtlabs/github-module made Use of Hard-coded Credentials Critical
CVE-2023-2138 was published for @nuxtlabs/github-module (npm) Apr 18, 2023
Unsafe eval() in summit allows arbitrary code execution Critical
CVE-2017-16020 was published for summit (npm) Sep 1, 2020
Code injection in fsevents Critical
CVE-2023-45311 was published for fsevents (npm) Oct 6, 2023
Exposure of Sensitive Information in eventsource Critical
CVE-2022-1650 was published for eventsource (npm) May 13, 2022
macwier veloek
dlannoye
Remote code execution in handlebars when compiling templates Critical
CVE-2021-23369 was published for handlebars (Maven) May 6, 2021
westonsteimel
Prototype pollution in Merge-deep Critical
CVE-2021-26707 was published for merge-deep (npm) Jun 7, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database