GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
20 advisories
Cocotais Bot has builtin .echo command injection
Moderate
CVE-2025-47948
was published
for
cocotais-bot
(npm)
May 19, 2025
ZX Allows Environment Variable Injection for dotenv API
Moderate
CVE-2025-24959
was published
for
zx
(npm)
Feb 3, 2025
PostCSS line return parsing error
Moderate
CVE-2023-44270
was published
for
postcss
(npm)
Sep 30, 2023
vm2 vulnerable to Inspect Manipulation
Moderate
CVE-2023-32313
was published
for
vm2
(npm)
May 17, 2023
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Moderate
CVE-2022-35948
was published
for
undici
(npm)
Aug 18, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable
Moderate
CVE-2022-35954
was published
for
@actions/core
(npm)
Aug 18, 2022
Prototype Pollution in undefsafe
Moderate
CVE-2019-10795
was published
for
undefsafe
(npm)
Feb 9, 2022
Prototype Pollution in dot-object
Moderate
CVE-2019-10793
was published
for
dot-object
(npm)
Feb 9, 2022
File upload local preview can run embedded scripts after user interaction
Moderate
GHSA-8796-gc9j-63rv
was published
for
matrix-react-sdk
(npm)
May 17, 2021
ProTip!
Advisories are also available from the
GraphQL API