Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

743 advisories

Loading
Command Injection in hot-formula-parser Critical
CVE-2020-6836 was published for hot-formula-parser (npm) May 6, 2020
Arbitrary JavaScript Execution in bassmaster Critical
CVE-2014-7205 was published for bassmaster (npm) Oct 24, 2017
Arbitrary Code Injection in reduce-css-calc Critical
CVE-2016-10548 was published for reduce-css-calc (npm) Jun 7, 2018
Arbitrary Code Injection in pouchdb Critical
CVE-2016-10546 was published for pouchdb (npm) Jul 26, 2018
Command Injection in dns-sync Critical
CVE-2017-16100 was published for dns-sync (npm) Jul 18, 2018
Arbitrary Code Execution in mathjs Critical
CVE-2017-1001002 was published for mathjs (npm) Dec 18, 2017
Code injection in nobelprizeparser Critical
GHSA-4wv4-mgfq-598v was published for nobelprizeparser (npm) Mar 12, 2021
Growl before 1.10.0 vulnerable to Command Injection Critical
CVE-2017-16042 was published for growl (npm) Jun 8, 2018
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views Critical
CVE-2023-22731 was published for shopware/core (Composer) Jan 17, 2023
Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina Critical
CVE-2023-23619 was published for @asyncapi/modelina (npm) Sep 21, 2021
jonaslagoni
Embedded Malicious Code in node-ipc Critical
CVE-2022-23812 was published for node-ipc (npm) Mar 16, 2022
Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE)... Critical Unreviewed
CVE-2022-26205 was published Mar 28, 2022
Web Media Extensions Remote Code Execution Vulnerability Critical Unreviewed
CVE-2021-43214 was published Dec 16, 2021
Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability Critical Unreviewed
CVE-2021-43899 was published Dec 16, 2021
Bot Framework SDK Remote Code Execution Vulnerability Critical Unreviewed
CVE-2021-43225 was published Dec 16, 2021
There is a logic bypass vulnerability in smartphones. Successful exploitation of this... Critical Unreviewed
CVE-2021-22430 was published Feb 26, 2022
ProTip! Advisories are also available from the GraphQL API