GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
62 advisories
Filter by severity
Arbitrary JavaScript Execution in bassmaster
Critical
CVE-2014-7205
was published
for
bassmaster
(npm)
Oct 24, 2017
Arbitrary Code Execution in mathjs
Critical
CVE-2017-1001002
was published
for
mathjs
(npm)
Dec 18, 2017
Arbitrary Code Injection in reduce-css-calc
Critical
CVE-2016-10548
was published
for
reduce-css-calc
(npm)
Jun 7, 2018
Growl before 1.10.0 vulnerable to Command Injection
Critical
CVE-2017-16042
was published
for
growl
(npm)
Jun 8, 2018
Chromium Remote Code Execution in electron
Critical
CVE-2017-16151
was published
for
electron
(npm)
Jul 24, 2018
Arbitrary Code Injection in pouchdb
Critical
CVE-2016-10546
was published
for
pouchdb
(npm)
Jul 26, 2018
Potential Command Injection in shell-quote
Critical
CVE-2016-10541
was published
for
shell-quote
(npm)
Feb 18, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical
CVE-2019-10760
was published
for
safer-eval
(npm)
Oct 17, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical
CVE-2019-10759
was published
for
safer-eval
(npm)
Oct 21, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical
CVE-2019-10769
was published
for
safer-eval
(npm)
Dec 11, 2019
Command Injection in hot-formula-parser
Critical
CVE-2020-6836
was published
for
hot-formula-parser
(npm)
May 6, 2020
Arbitrary shell command execution in logkitty
Critical
CVE-2020-8149
was published
for
logkitty
(npm)
Jun 5, 2020
Sandbox Breakout / Arbitrary Code Execution in safe-eval
Critical
CVE-2020-7710
was published
for
safe-eval
(npm)
Aug 25, 2020
Unsafe eval() in summit allows arbitrary code execution
Critical
CVE-2017-16020
was published
for
summit
(npm)
Sep 1, 2020
Code injection in nobelprizeparser
Critical
GHSA-4wv4-mgfq-598v
was published
for
nobelprizeparser
(npm)
Mar 12, 2021
total.js Remote Code Execution Vulnerability
Critical
CVE-2021-23344
was published
for
total.js
(npm)
Mar 19, 2021
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
Critical
CVE-2020-28502
was published
for
xmlhttprequest
(npm)
May 4, 2021
Remote code execution in handlebars when compiling templates
Critical
CVE-2021-23369
was published
for
handlebars
(Maven)
May 6, 2021
Arbitrary Code Execution in underscore
Critical
CVE-2021-23358
was published
for
underscore
(npm)
May 6, 2021
ProTip!
Advisories are also available from the
GraphQL API