Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,780
Erlang
36
GitHub Actions
29
Go
2,344
Maven
5,000+
npm
3,973
NuGet
719
pip
3,770
Pub
12
RubyGems
923
Rust
978
Swift
38
Unreviewed advisories
All unreviewed
5,000+

66 advisories

Loading
vm2 Sandbox Escape vulnerability Critical
CVE-2023-37466 was published for vm2 (npm) Jul 13, 2023
leesh3288
Prototype Pollution leading to Remote Code Execution in superjson Critical
CVE-2022-23631 was published for blitz (npm) Feb 9, 2022
paul-gerste-sonarsource
builderio/qwik is vulnerable to code injection Critical
CVE-2023-1283 was published for @builder.io/qwik (npm) Mar 9, 2023
irisnet-crypto RCE Vulnerability Critical
CVE-2019-9115 was published for irisnet-crypto (npm) May 13, 2022
total.js Remote Code Execution Vulnerability Critical
CVE-2021-23344 was published for total.js (npm) Mar 19, 2021
Chromium Remote Code Execution in electron Critical
CVE-2017-16151 was published for electron (npm) Jul 24, 2018
Code Injection in morgan Critical
CVE-2019-5413 was published for morgan (npm) Mar 25, 2019
Code Injection in cryo Critical
CVE-2018-3784 was published for cryo (npm) Aug 21, 2018
Sandbox Breakout / Arbitrary Code Execution in safe-eval Critical
CVE-2020-7710 was published for safe-eval (npm) Aug 25, 2020
Remote Code Execution in pg Critical
CVE-2017-16082 was published for pg (npm) Jul 24, 2018
Code Injection in total4 Critical
CVE-2021-23390 was published for total4 (npm) Dec 10, 2021
Arbitrary shell command execution in logkitty Critical
CVE-2020-8149 was published for logkitty (npm) Jun 5, 2020
Potential Command Injection in shell-quote Critical
CVE-2016-10541 was published for shell-quote (npm) Feb 18, 2019
Code Injection in md-to-pdf. Critical
CVE-2021-23639 was published for md-to-pdf (npm) Dec 16, 2021
Code Injection in total.js Critical
CVE-2021-23389 was published for total.js (npm) Dec 10, 2021
Code Injection in node-rules Critical
CVE-2020-7609 was published for node-rules (npm) Dec 10, 2021
Code Injection in node-extend Critical
CVE-2020-7673 was published for node-extend (npm) May 17, 2021
Code Injection in cd-messenger Critical
CVE-2020-7675 was published for cd-messenger (npm) May 17, 2021
Improper Input Validation in access-policy Critical
CVE-2020-7674 was published for access-policy (npm) May 17, 2021
Arbitrary code execution in djv Critical
CVE-2020-28464 was published for djv (npm) Apr 13, 2021
Withdrawn: Arbitrary Code Execution in static-eval Critical
CVE-2021-23334 was published for static-eval (npm) May 6, 2021 withdrawn
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10769 was published for safer-eval (npm) Dec 11, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10759 was published for safer-eval (npm) Oct 21, 2019
Command Injection in node-df Critical
CVE-2019-15597 was published for node-df (npm) Feb 14, 2020
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10760 was published for safer-eval (npm) Oct 17, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database