Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,141
Erlang
30
GitHub Actions
19
Go
1,942
Maven
5,000+
npm
3,684
NuGet
650
pip
3,303
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

121 advisories

Loading
JSONPath Plus Remote Code Execution (RCE) Vulnerability Critical
CVE-2024-21534 was published for jsonpath-plus (npm) Oct 11, 2024
Remote command execution in promptr High
CVE-2024-46489 was published for @ifnotnowwhen/promptr (npm) Sep 25, 2024
@blakeembrey/template vulnerable to code injection when attacker controls template input High
CVE-2024-45390 was published for @blakeembrey/template (npm) Sep 3, 2024
mcoimbra filipeom
squirrelly Code Injection vulnerability High
CVE-2024-40453 was published for squirrelly (npm) Aug 21, 2024
Editor.js vulnerable to Code Injection Moderate
CVE-2022-23474 was published for @editorjs/editorjs (npm) Aug 5, 2024
Nuxt vulnerable to remote code execution via the browser when running the test locally High
CVE-2024-34344 was published for nuxt (npm) Aug 5, 2024
Ry0taK
jsonic was discovered to contain a prototype pollution via the function empty. Critical
CVE-2024-38993 was published for jsonic (npm) Jul 1, 2024 withdrawn
wzrdtales
Badger Database Prototype Pollution High
CVE-2024-36581 was published for @abw/badger-database (npm) Jun 17, 2024
Jan path traversal vulnerability Critical
CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024
javascript-deobfuscator crafted payload can lead to code execution High
CVE-2024-36120 was published for js-deobfuscator (npm) Jun 4, 2024
SteakEnthusiast
Pug allows JavaScript code execution if an application accepts untrusted input Moderate
CVE-2024-36361 was published for pug (npm) May 24, 2024
davidrunger
Blackprint @blackprint/engine Prototype Pollution issue Critical
CVE-2024-24294 was published for @blackprint/engine (npm) May 20, 2024
Flowise vulnerable to code injection via api/v1 High
CVE-2024-31621 was published for flowise (npm) Apr 29, 2024
MySQL2 for Node Arbitrary Code Injection Critical
CVE-2024-21511 was published for mysql2 (npm) Apr 23, 2024
mysql2 Remote Code Execution (RCE) via the readCodeFor function Critical
CVE-2024-21508 was published for mysql2 (npm) Apr 11, 2024
Budibase affected by VM2 Constructor Escape Vulnerability Critical
GHSA-4g2x-vq5p-5vj6 was published for @budibase/server (npm) Mar 1, 2024
Nteract Remote Code Execution vulnerability Moderate
CVE-2024-22891 was published for nteract (npm) Mar 1, 2024
Named path parameters can be overridden in TrieRouter Moderate
CVE-2023-50710 was published for hono (npm) Dec 15, 2023
node-qpdf vulnerable to command injection High
CVE-2023-26155 was published for node-qpdf (npm) Oct 14, 2023
Code injection in fsevents Critical
CVE-2023-45311 was published for fsevents (npm) Oct 6, 2023
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA Critical
CVE-2023-33831 was published for @frangoteam/fuxa (npm) Sep 18, 2023
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd Moderate
CVE-2023-39956 was published for electron (npm) Sep 6, 2023
SimonSiefke MarshallOfSound
vm2 Sandbox Escape vulnerability Critical
CVE-2023-37466 was published for vm2 (npm) Jul 13, 2023
leesh3288
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
Backstage Scaffolder plugin has insecure sandbox High
CVE-2023-35926 was published for @backstage/plugin-scaffolder-backend (npm) Jun 21, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database