Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,983 advisories

Loading
Angular Expressions - Remote Code Execution High
CVE-2021-21277 was published for angular-expressions (npm) Feb 1, 2021
Code Injection in mquery Moderate
CVE-2020-35149 was published for mquery (npm) Dec 18, 2020
Arbitrary Code Execution in blazar-dashboard Moderate
CVE-2020-26943 was published for blazar-dashboard (pip) Oct 27, 2020
RCE in XWiki High
CVE-2020-15252 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Oct 16, 2020
Potential Remote Code Execution vulnerability High
CVE-2020-15227 was published for nette/application (Composer) Oct 2, 2020
Users with SCRIPT right can execute arbitrary code in XWiki Low
CVE-2020-15171 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 10, 2020
Command Injection in tree-kill High
CVE-2019-15599 was published for tree-kill (npm) Sep 4, 2020
Arbitrary Code Execution in handlebars High
GHSA-2cf5-4w76-r9qv was published for handlebars (npm) Sep 4, 2020
chalbersma
Arbitrary JavaScript Execution in typed-function High
CVE-2017-1001004 was published for typed-function (npm) Sep 2, 2020
Sandbox Breakout / Arbitrary Code Execution in static-eval High
GHSA-x9hc-rw35-f44h was published for static-eval (npm) Sep 2, 2020
Unsafe eval() in summit allows arbitrary code execution Critical
CVE-2017-16020 was published for summit (npm) Sep 1, 2020
Template Injection in jsrender Moderate
CVE-2016-3942 was published for jsrender (npm) Sep 1, 2020
Content Injection in remarkable High
CVE-2014-10065 was published for remarkable (npm) Aug 31, 2020
tdunlap607
Sandbox Breakout / Arbitrary Code Execution in safe-eval Critical
CVE-2020-7710 was published for safe-eval (npm) Aug 25, 2020
Remote Code Execution in Red Discord Bot High
CVE-2020-15147 was published for Red-DiscordBot (pip) Aug 21, 2020
Jackenmen
openapi-python-client Arbitrary Code Generation vulnerability High
CVE-2020-15142 was published for openapi-python-client (pip) Aug 20, 2020
emann dtkav
dbanty westonsteimel
Log injection in uvicorn High
CVE-2020-7694 was published for uvicorn (pip) Jul 29, 2020
tdunlap607
Remote code execution via user-provided local names in ActionView High
CVE-2020-8163 was published for actionview (RubyGems) Jul 7, 2020
Arbitrary shell command execution in logkitty Critical
CVE-2020-8149 was published for logkitty (npm) Jun 5, 2020
Command injection in node-dns-sync High
CVE-2020-11079 was published for dns-sync (npm) May 28, 2020
Code execution vulnerability in HtmlUnit High
CVE-2020-5529 was published for net.sourceforge.htmlunit:htmlunit (Maven) May 21, 2020
Potential Code Injection in Sprout Forms Critical
CVE-2020-11056 was published for barrelstrength/sprout-base-email (Composer) May 8, 2020
llamaonsecurity
Command Injection in hot-formula-parser Critical
CVE-2020-6836 was published for hot-formula-parser (npm) May 6, 2020
Prototype Pollution in Dojox Low
CVE-2020-5259 was published for dojox (npm) Mar 10, 2020
Prototype pollution in dojo High
CVE-2020-5258 was published for dojo (npm) Mar 10, 2020
ProTip! Advisories are also available from the GraphQL API