GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
131 advisories
Code injection via SVG file in convert-svg-core
High, CVE-2022-24429 was published for convert-svg-core (npm), Jun 11, 2022

dustjs-linkedin vulnerable to Prototype Pollution
High, CVE-2021-4264 was published for dustjs-linkedin (npm), Dec 21, 2022

Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Low, CVE-2022-36036 was published for mdx-mermaid (npm), Aug 31, 2022

FurqanSoftware/node-whois vulnerable to Prototype Pollution
Critical, CVE-2020-36618 was published for whois (npm), Dec 19, 2022

vm2 vulnerable to Arbitrary Code Execution
Critical, CVE-2022-25893 was published for vm2 (npm), Dec 21, 2022

Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical, CVE-2019-10760 was published for safer-eval (npm), Oct 17, 2019

Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical, CVE-2019-10759 was published for safer-eval (npm), Oct 21, 2019

Command injection in node-dns-sync
High, CVE-2020-11079 was published for dns-sync (npm), May 28, 2020

Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical, CVE-2019-10769 was published for safer-eval (npm), Dec 11, 2019

Angular Expressions - Remote Code Execution
High, CVE-2021-21277 was published for angular-expressions (npm), Feb 1, 2021

Withdrawn: Arbitrary Code Execution in static-eval
Critical, CVE-2021-23334 was published for static-eval (npm), May 6, 2021 (withdrawn)

Code Injection in script-manager
High, CVE-2020-8129 was published for script-manager (npm), Apr 13, 2021

Improper Input Validation and Code Injection in pdf-image
High, CVE-2020-8132 was published for pdf-image (npm), May 10, 2021

Code Injection in oauth2-server
High, CVE-2017-18924 was published for oauth2-server (npm), Apr 22, 2021

Improper Input Validation in access-policy
Critical, CVE-2020-7674 was published for access-policy (npm), May 17, 2021

Code Injection in cd-messenger
Critical, CVE-2020-7675 was published for cd-messenger (npm), May 17, 2021

Code Injection in node-extend
Critical, CVE-2020-7673 was published for node-extend (npm), May 17, 2021

Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
Moderate, CVE-2021-32809 was published for ckeditor4 (npm), Aug 23, 2021

ProTip! Advisories are also available from the GraphQL API.