GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

131 advisories

Code Injection in metacalc Critical
CVE-2022-21122 was published for metacalc (npm) Jun 9, 2022
Code injection via SVG file in convert-svg-core High
CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
Code injection in electerm Critical
CVE-2020-23256 was published for electerm (npm) Jan 20, 2023
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid Low
CVE-2022-36036 was published for mdx-mermaid (npm) Aug 31, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution Critical
CVE-2020-36618 was published for whois (npm) Dec 19, 2022
vm2 vulnerable to Arbitrary Code Execution Critical
CVE-2022-25893 was published for vm2 (npm) Dec 21, 2022
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10760 was published for safer-eval (npm) Oct 17, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10759 was published for safer-eval (npm) Oct 21, 2019
Command Injection in node-df Critical
CVE-2019-15597 was published for node-df (npm) Feb 14, 2020
Command injection in node-dns-sync High
CVE-2020-11079 was published for dns-sync (npm) May 28, 2020
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10769 was published for safer-eval (npm) Dec 11, 2019
Angular Expressions - Remote Code Execution High
CVE-2021-21277 was published for angular-expressions (npm) Feb 1, 2021
Withdrawn: Arbitrary Code Execution in static-eval Critical
CVE-2021-23334 was published for static-eval (npm) May 6, 2021 withdrawn
Arbitrary code execution in djv Critical
CVE-2020-28464 was published for djv (npm) Apr 13, 2021
Code Injection in script-manager High
CVE-2020-8129 was published for script-manager (npm) Apr 13, 2021
Improper Input Validation and Code Injection in pdf-image High
CVE-2020-8132 was published for pdf-image (npm) May 10, 2021
Code Injection in oauth2-server High
CVE-2017-18924 was published for oauth2-server (npm) Apr 22, 2021
Improper Input Validation in access-policy Critical
CVE-2020-7674 was published for access-policy (npm) May 17, 2021
Code Injection in cd-messenger Critical
CVE-2020-7675 was published for cd-messenger (npm) May 17, 2021
Code injection in blamer High
CVE-2020-8137 was published for blamer (npm) May 6, 2021
Code Injection in node-extend Critical
CVE-2020-7673 was published for node-extend (npm) May 17, 2021
Code Injection in mosc High
CVE-2020-7672 was published for mosc (npm) May 17, 2021
Code Injection in node-rules Critical
CVE-2020-7609 was published for node-rules (npm) Dec 10, 2021