GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,680
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
964 advisories
Filter by severity
Prototype Pollution in handlebars
Critical
CVE-2019-19919
was published
for
bootstrap-wysihtml5-rails
(RubyGems)
Dec 26, 2019
git-commit-info vulnerable to Command Injection
Critical
CVE-2023-26134
was published
for
git-commit-info
(npm)
Jun 28, 2023
exec-local-bin vulnerable to Command Injection
Critical
CVE-2022-25923
was published
for
exec-local-bin
(npm)
Jan 6, 2023
Arbitrary Code Execution in eslint-utils
Critical
CVE-2019-15657
was published
for
eslint-utils
(npm)
Aug 26, 2019
Prototype Pollution in deep-extend
Critical
CVE-2018-3750
was published
for
deep-extend
(npm)
Oct 9, 2018
Insufficient Entropy in cryptiles
Critical
CVE-2018-1000620
was published
for
cryptiles
(npm)
Sep 11, 2018
Deserialization of Untrusted Data in bson
Critical
CVE-2020-7610
was published
for
bson
(npm)
May 7, 2021
Exposure of Sensitive Information in eventsource
Critical
CVE-2022-1650
was published
for
eventsource
(npm)
May 13, 2022
Unsafe eval() in summit allows arbitrary code execution
Critical
CVE-2017-16020
was published
for
summit
(npm)
Sep 1, 2020
@nuxtlabs/github-module made Use of Hard-coded Credentials
Critical
CVE-2023-2138
was published
for
@nuxtlabs/github-module
(npm)
Apr 18, 2023
Potential leak of authentication data to 3rd parties
Critical
CVE-2023-30846
was published
for
typed-rest-client
(npm)
Apr 27, 2023
Remote code execution in dawnsparks-node-tesseract
Critical
CVE-2023-29566
was published
for
dawnsparks-node-tesseract
(npm)
Apr 24, 2023
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
Critical
CVE-2023-39532
was published
for
ses
(npm)
Aug 9, 2023
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
Critical
CVE-2023-33831
was published
for
@frangoteam/fuxa
(npm)
Sep 18, 2023
Remote code execution in broccoli-compass
Critical
CVE-2023-27848
was published
for
broccoli-compass
(npm)
Apr 24, 2023
MrSwitch hello.js vulnerable to prototype pollution
Critical
CVE-2021-26505
was published
for
hellojs
(npm)
Aug 11, 2023
tree-kit Prototype Pollution vulnerability
Critical
CVE-2023-38894
was published
for
tree-kit
(npm)
Aug 17, 2023
Path traversal and code execution via prototype vulnerability
Critical
CVE-2023-26045
was published
for
nodebb
(npm)
Jul 25, 2023
Duplicate Advisory: tree-kill vulnerable to remote code execution
Critical
GHSA-mxq6-vrrr-ppmg
was published
for
tree-kill
(npm)
May 24, 2022
•
withdrawn
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46133
was published
for
crypto-es
(npm)
Oct 25, 2023
external-svg-loader Cross-site Scripting vulnerability
Critical
CVE-2023-40013
was published
for
external-svg-loader
(npm)
Aug 14, 2023
appium-desktop OS Command Injection vulnerability
Critical
CVE-2023-2479
was published
for
appium-desktop
(npm)
May 2, 2023
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Critical
CVE-2023-22621
was published
for
@strapi/plugin-email
(npm)
Apr 19, 2023
ProTip!
Advisories are also available from the
GraphQL API