GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

131 advisories

Code Injection in morgan Critical
CVE-2019-5413 was published for morgan (npm) Mar 25, 2019
Chromium Remote Code Execution in electron Critical
CVE-2017-16151 was published for electron (npm) Jul 24, 2018
total.js Remote Code Execution Vulnerability Critical
CVE-2021-23344 was published for total.js (npm) Mar 19, 2021
irisnet-crypto RCE Vulnerability Critical
CVE-2019-9115 was published for irisnet-crypto (npm) May 13, 2022
builderio/qwik is vulnerable to code injection Critical
CVE-2023-1283 was published for @builder.io/qwik (npm) Mar 9, 2023
Obsidian Dataview vulnerable to code injection due to unsafe eval High
CVE-2021-42057 was published for obsidian-dataview (npm) May 24, 2022
Prototype Pollution leading to Remote Code Execution in superjson Critical
CVE-2022-23631 was published for blitz (npm) Feb 9, 2022
paul-gerste-sonarsource
node-qpdf vulnerable to command injection High
CVE-2023-26155 was published for node-qpdf (npm) Oct 14, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-37466 was published for vm2 (npm) Jul 13, 2023
leesh3288
jsreport vulnerable to code injection Critical
CVE-2023-2583 was published for jsreport (npm) May 8, 2023
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd Moderate
CVE-2023-39956 was published for electron (npm) Sep 6, 2023
SimonSiefke MarshallOfSound
Duplicate Advisory: tree-kill vulnerable to remote code execution Critical
GHSA-mxq6-vrrr-ppmg was published for tree-kill (npm) May 24, 2022 withdrawn
yasinsd
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA Critical
CVE-2023-33831 was published for @frangoteam/fuxa (npm) Sep 18, 2023
Backstage Scaffolder plugin has insecure sandbox High
CVE-2023-35926 was published for @backstage/plugin-scaffolder-backend (npm) Jun 21, 2023
Unsafe eval() in summit allows arbitrary code execution Critical
CVE-2017-16020 was published for summit (npm) Sep 1, 2020
Code injection in fsevents Critical
CVE-2023-45311 was published for fsevents (npm) Oct 6, 2023
Arbitrary Code Execution in Handlebars High
CVE-2019-20920 was published for handlebars (npm) Feb 10, 2022
Remote code execution in handlebars when compiling templates Critical
CVE-2021-23369 was published for handlebars (Maven) May 6, 2021
westonsteimel
Code Injection in js-yaml High
GHSA-8j8c-7jfh-h6hx was published for js-yaml (npm) Jun 4, 2019
Command Injection in tree-kill High
CVE-2019-15599 was published for tree-kill (npm) Sep 4, 2020
Arbitrary Code Execution in underscore Critical
CVE-2021-23358 was published for underscore (npm) May 6, 2021
rajuc075
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection Critical
CVE-2020-28502 was published for xmlhttprequest (npm) May 4, 2021
Named path parameters can be overridden in TrieRouter Moderate
CVE-2023-50710 was published for hono (npm) Dec 15, 2023
Arbitrary Code Execution in handlebars High
GHSA-2cf5-4w76-r9qv was published for handlebars (npm) Sep 4, 2020
chalbersma
Nteract Remote Code Execution vulnerability Moderate
CVE-2024-22891 was published for nteract (npm) Mar 1, 2024