GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
48 advisories
Filter by severity
Command Injection in wiki-plugin-datalog
High
GHSA-pm52-wwrw-c282
was published
for
wiki-plugin-datalog
(npm)
Jun 13, 2019
Remote Code Execution in node-os-utils
High
GHSA-j9f8-8h89-j69x
was published
for
node-os-utils
(npm)
Jun 11, 2019
Potential for Script Injection in syntax-error
High
CVE-2014-7192
was published
for
syntax-error
(npm)
Oct 24, 2017
Sandbox Breakout / Arbitrary Code Execution in static-eval
High
GHSA-x9hc-rw35-f44h
was published
for
static-eval
(npm)
Sep 2, 2020
Arbitrary JavaScript Execution in typed-function
High
CVE-2017-1001004
was published
for
typed-function
(npm)
Sep 2, 2020
Improper Control of Generation of Code in doT
High
CVE-2020-8141
was published
for
dot
(npm)
May 24, 2022
Code injection via SVG file in convert-svg-core
High
CVE-2022-24429
was published
for
convert-svg-core
(npm)
Jun 11, 2022
dustjs-linkedin vulnerable to Prototype Pollution
High
CVE-2021-4264
was published
for
dustjs-linkedin
(npm)
Dec 21, 2022
Command injection in node-dns-sync
High
CVE-2020-11079
was published
for
dns-sync
(npm)
May 28, 2020
Angular Expressions - Remote Code Execution
High
CVE-2021-21277
was published
for
angular-expressions
(npm)
Feb 1, 2021
Code Injection in script-manager
High
CVE-2020-8129
was published
for
script-manager
(npm)
Apr 13, 2021
Improper Input Validation and Code Injection in pdf-image
High
CVE-2020-8132
was published
for
pdf-image
(npm)
May 10, 2021
Code Injection in oauth2-server
High
CVE-2017-18924
was published
for
oauth2-server
(npm)
Apr 22, 2021
Remote Command Execution in reg-keygen-git-hash-plugin
High
CVE-2021-32673
was published
for
reg-keygen-git-hash-plugin
(npm)
Jun 8, 2021
Code injection issue for java-spring-cloud-stream-template
High
CVE-2021-37694
was published
for
@asyncapi/java-spring-cloud-stream-template
(npm)
Aug 25, 2021
Eta vulnerable to Code Injection via templates rendered with user-defined data
High
CVE-2022-25967
was published
for
eta
(npm)
Jan 30, 2023
Withdrawn: Octocat.js vulnerable to code injection
High
CVE-2022-39390
was published
for
octocat.js
(npm)
Nov 8, 2022
•
withdrawn
xterm vulnerable to remote code execution
High
CVE-2019-0542
was published
for
xterm
(npm)
Jan 14, 2019
SketchSVG Arbitrary Code Injection vulnerability
High
CVE-2023-26107
was published
for
sketchsvg
(npm)
Mar 6, 2023
ProTip!
Advisories are also available from the
GraphQL API