Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,014 advisories

Loading
json-logic-js Command Injection vulnerability Critical
CVE-2021-4329 was published for json-logic-js (npm) Mar 5, 2023
builderio/qwik is vulnerable to code injection Critical
CVE-2023-1283 was published for @builder.io/qwik (npm) Mar 9, 2023
node-bluetooth-serial-port is vulnerable to Buffer Overflow via the findSerialPortChannel Critical
CVE-2023-26109 was published for node-bluetooth-serial-port (npm) Mar 9, 2023
node-bluetooth is vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation Critical
CVE-2023-26110 was published for node-bluetooth (npm) Mar 9, 2023
stoqey/gnuplot is vulnerable to command injection Critical
CVE-2021-33360 was published for @stoqey/gnuplot (npm) Mar 10, 2023
Cross-realm object access in Webpack 5 Critical
CVE-2023-28154 was published for webpack (npm) Mar 13, 2023
Jack-Works 0723Cu
code-server vulnerable to Missing Origin Validation in WebSockets Critical
CVE-2023-26114 was published for code-server (npm) Mar 23, 2023
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend Critical
CVE-2023-28444 was published for angular-server-side-configuration (npm) Mar 24, 2023
milo526
vm2 vulnerable to sandbox escape Critical
CVE-2023-29017 was published for vm2 (npm) Apr 7, 2023
seongil-wi rectcoordsystem
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization Critical
CVE-2023-26122 was published for safe-eval (npm) Apr 11, 2023
safe-eval vulnerable to Prototype Pollution via the safeEval function Critical
CVE-2023-26121 was published for safe-eval (npm) Apr 11, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-29199 was published for vm2 (npm) Apr 12, 2023
leesh3288
@nuxtlabs/github-module made Use of Hard-coded Credentials Critical
CVE-2023-2138 was published for @nuxtlabs/github-module (npm) Apr 18, 2023
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin Critical
CVE-2023-22621 was published for @strapi/plugin-email (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly
vm2 Sandbox Escape vulnerability Critical
CVE-2023-30547 was published for vm2 (npm) Apr 20, 2023
leesh3288
Remote code execution in dawnsparks-node-tesseract Critical
CVE-2023-29566 was published for dawnsparks-node-tesseract (npm) Apr 24, 2023
Remote code execution in broccoli-compass Critical
CVE-2023-27848 was published for broccoli-compass (npm) Apr 24, 2023
Prototype Pollution in vConsole Critical
CVE-2023-30363 was published for vconsole (npm) Apr 26, 2023
renbaoshuo
Potential leak of authentication data to 3rd parties Critical
CVE-2023-30846 was published for typed-rest-client (npm) Apr 27, 2023
yahavi JLLeitschuh
appium-desktop OS Command Injection vulnerability Critical
CVE-2023-2479 was published for appium-desktop (npm) May 2, 2023
jsreport vulnerable to code injection Critical
CVE-2023-2583 was published for jsreport (npm) May 8, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-32314 was published for vm2 (npm) May 15, 2023
arkark
Malware in pre-build binaries of bignum Critical
GHSA-7cgc-fjv4-52x6 was published for bignum (npm) May 24, 2023
calebbrown rvagg
nuxt Code Injection vulnerability Critical
CVE-2023-3224 was published for nuxt (npm) Jun 13, 2023
danielroe OhB00
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution Critical
CVE-2023-36475 was published for parse-server (npm) Jun 30, 2023
dblythy mtrezza
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database