GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
62 advisories
Angular Expressions - Remote Code Execution when using locals
Critical · CVE-2024-54152 was published for angular-expressions (npm) Dec 10, 2024

hull.js Code Injection Vulnerability
Critical · GHSA-q849-wxrc-vqrp was published for hull.js (npm) Dec 2, 2024

JSONPath Plus Remote Code Execution (RCE) Vulnerability
Critical · CVE-2024-21534 was published for jsonpath-plus (Maven) Oct 11, 2024

Nuxt vulnerable to remote code execution via the browser when running the test locally
Critical · CVE-2024-34344 was published for nuxt (npm) Aug 5, 2024

Jan path traversal vulnerability
Critical · CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024

jsonic was discovered to contain a prototype pollution via the function empty.
Critical · CVE-2024-38993 was published for jsonic (npm) Jul 1, 2024 • withdrawn

Blackprint @blackprint/engine Prototype Pollution issue
Critical · CVE-2024-24294 was published for @blackprint/engine (npm) May 20, 2024

MySQL2 for Node Arbitrary Code Injection
Critical · CVE-2024-21511 was published for mysql2 (npm) Apr 23, 2024

Joplin Vulnerable to Code Injection
Critical · CVE-2022-23340 was published for joplin (npm) Feb 9, 2022

convert-svg-core vulnerable to remote code injection
Critical · CVE-2022-25759 was published for convert-svg-core (npm) Jul 23, 2022

mysql2 Remote Code Execution (RCE) via the readCodeFor function
Critical · CVE-2024-21508 was published for mysql2 (npm) Apr 11, 2024

Budibase affected by VM2 Constructor Escape Vulnerability
Critical · GHSA-4g2x-vq5p-5vj6 was published for @budibase/server (npm) Mar 1, 2024

xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
Critical · CVE-2020-28502 was published for xmlhttprequest (npm) May 4, 2021

Arbitrary Code Execution in underscore
Critical · CVE-2021-23358 was published for underscore (npm) May 6, 2021

Remote code execution in handlebars when compiling templates
Critical · CVE-2021-23369 was published for handlebars (Maven) May 6, 2021

Unsafe eval() in summit allows arbitrary code execution
Critical · CVE-2017-16020 was published for summit (npm) Sep 1, 2020

A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
Critical · CVE-2023-33831 was published for @frangoteam/fuxa (npm) Sep 18, 2023

Duplicate Advisory: tree-kill vulnerable to remote code execution
Critical · GHSA-mxq6-vrrr-ppmg was published for tree-kill (npm) May 24, 2022 • withdrawn

jsreport vulnerable to code injection
Critical · CVE-2023-2583 was published for jsreport (npm) May 8, 2023

Prototype Pollution leading to Remote Code Execution in superjson
Critical · CVE-2022-23631 was published for blitz (npm) Feb 9, 2022

builderio/qwik is vulnerable to code injection
Critical · CVE-2023-1283 was published for @builder.io/qwik (npm) Mar 9, 2023

irisnet-crypto RCE Vulnerability
Critical · CVE-2019-9115 was published for irisnet-crypto (npm) May 13, 2022