GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
131 advisories
Filter by severity
Chromium Remote Code Execution in electron
Critical
CVE-2017-16151
was published
for
electron
(npm)
Jul 24, 2018
total.js Remote Code Execution Vulnerability
Critical
CVE-2021-23344
was published
for
total.js
(npm)
Mar 19, 2021
irisnet-crypto RCE Vulnerability
Critical
CVE-2019-9115
was published
for
irisnet-crypto
(npm)
May 13, 2022
builderio/qwik is vulnerable to code injection
Critical
CVE-2023-1283
was published
for
@builder.io/qwik
(npm)
Mar 9, 2023
Obsidian Dataview vulnerable to code injection due to unsafe eval
High
CVE-2021-42057
was published
for
obsidian-dataview
(npm)
May 24, 2022
Prototype Pollution leading to Remote Code Execution in superjson
Critical
CVE-2022-23631
was published
for
blitz
(npm)
Feb 9, 2022
node-qpdf vulnerable to command injection
High
CVE-2023-26155
was published
for
node-qpdf
(npm)
Oct 14, 2023
jsreport vulnerable to code injection
Critical
CVE-2023-2583
was published
for
jsreport
(npm)
May 8, 2023
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Moderate
CVE-2023-39956
was published
for
electron
(npm)
Sep 6, 2023
Duplicate Advisory: tree-kill vulnerable to remote code execution
Critical
GHSA-mxq6-vrrr-ppmg
was published
for
tree-kill
(npm)
May 24, 2022
•
withdrawn
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
Critical
CVE-2023-33831
was published
for
@frangoteam/fuxa
(npm)
Sep 18, 2023
Backstage Scaffolder plugin has insecure sandbox
High
CVE-2023-35926
was published
for
@backstage/plugin-scaffolder-backend
(npm)
Jun 21, 2023
Unsafe eval() in summit allows arbitrary code execution
Critical
CVE-2017-16020
was published
for
summit
(npm)
Sep 1, 2020
Arbitrary Code Execution in Handlebars
High
CVE-2019-20920
was published
for
handlebars
(npm)
Feb 10, 2022
Remote code execution in handlebars when compiling templates
Critical
CVE-2021-23369
was published
for
handlebars
(Maven)
May 6, 2021
Arbitrary Code Execution in underscore
Critical
CVE-2021-23358
was published
for
underscore
(npm)
May 6, 2021
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
Critical
CVE-2020-28502
was published
for
xmlhttprequest
(npm)
May 4, 2021
Named path parameters can be overridden in TrieRouter
Moderate
CVE-2023-50710
was published
for
hono
(npm)
Dec 15, 2023
Arbitrary Code Execution in handlebars
High
GHSA-2cf5-4w76-r9qv
was published
for
handlebars
(npm)
Sep 4, 2020
Nteract Remote Code Execution vulnerability
Moderate
CVE-2024-22891
was published
for
nteract
(npm)
Mar 1, 2024
ProTip!
Advisories are also available from the
GraphQL API