GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
60 advisories
Filter by severity
Command Injection in hot-formula-parser
Critical
CVE-2020-6836
was published
for
hot-formula-parser
(npm)
May 6, 2020
Arbitrary JavaScript Execution in bassmaster
Critical
CVE-2014-7205
was published
for
bassmaster
(npm)
Oct 24, 2017
Arbitrary Code Injection in reduce-css-calc
Critical
CVE-2016-10548
was published
for
reduce-css-calc
(npm)
Jun 7, 2018
Arbitrary Code Injection in pouchdb
Critical
CVE-2016-10546
was published
for
pouchdb
(npm)
Jul 26, 2018
Arbitrary Code Execution in mathjs
Critical
CVE-2017-1001002
was published
for
mathjs
(npm)
Dec 18, 2017
Code injection in nobelprizeparser
Critical
GHSA-4wv4-mgfq-598v
was published
for
nobelprizeparser
(npm)
Mar 12, 2021
Growl before 1.10.0 vulnerable to Command Injection
Critical
CVE-2017-16042
was published
for
growl
(npm)
Jun 8, 2018
Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina
Critical
CVE-2023-23619
was published
for
@asyncapi/modelina
(npm)
Sep 21, 2021
Embedded Malicious Code in node-ipc
Critical
CVE-2022-23812
was published
for
node-ipc
(npm)
Mar 16, 2022
morgan-json vulnerable to Arbitrary Code Execution
Critical
CVE-2022-25921
was published
for
morgan-json
(npm)
Aug 29, 2022
@pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution
Critical
CVE-2022-25644
was published
for
@pendo324/get-process-by-name
(npm)
Aug 29, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Critical
CVE-2020-36618
was published
for
whois
(npm)
Dec 19, 2022
vm2 vulnerable to Arbitrary Code Execution
Critical
CVE-2022-25893
was published
for
vm2
(npm)
Dec 21, 2022
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical
CVE-2019-10760
was published
for
safer-eval
(npm)
Oct 17, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical
CVE-2019-10759
was published
for
safer-eval
(npm)
Oct 21, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical
CVE-2019-10769
was published
for
safer-eval
(npm)
Dec 11, 2019
Withdrawn: Arbitrary Code Execution in static-eval
Critical
CVE-2021-23334
was published
for
static-eval
(npm)
May 6, 2021
•
withdrawn
Improper Input Validation in access-policy
Critical
CVE-2020-7674
was published
for
access-policy
(npm)
May 17, 2021
Code Injection in cd-messenger
Critical
CVE-2020-7675
was published
for
cd-messenger
(npm)
May 17, 2021
Code Injection in node-extend
Critical
CVE-2020-7673
was published
for
node-extend
(npm)
May 17, 2021
ProTip!
Advisories are also available from the
GraphQL API