GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,648
Erlang
29
GitHub Actions
16
Go
1,705
Maven
4,937
npm
3,470
NuGet
603
pip
2,982
Pub
10
RubyGems
826
Rust
770
Swift
34
Unreviewed advisories
All unreviewed
5,000+
107 advisories
Filter by severity
MySQL2 for Node Arbitrary Code Injection
Critical
CVE-2024-21511
was published
for
mysql2
(npm)
Apr 23, 2024
mysql2 Remote Code Execution (RCE) via the readCodeFor function
Critical
CVE-2024-21508
was published
for
mysql2
(npm)
Apr 11, 2024
Budibase affected by VM2 Constructor Escape Vulnerability
Critical
GHSA-4g2x-vq5p-5vj6
was published
for
@budibase/server
(npm)
Mar 1, 2024
Nteract Remote Code Execution vulnerability
Moderate
CVE-2024-22891
was published
for
nteract
(npm)
Mar 1, 2024
Named path parameters can be overridden in TrieRouter
Moderate
CVE-2023-50710
was published
for
hono
(npm)
Dec 15, 2023
node-qpdf vulnerable to command injection
High
CVE-2023-26155
was published
for
node-qpdf
(npm)
Oct 14, 2023
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
Critical
CVE-2023-33831
was published
for
@frangoteam/fuxa
(npm)
Sep 18, 2023
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Moderate
CVE-2023-39956
was published
for
electron
(npm)
Sep 6, 2023
Backstage Scaffolder plugin has insecure sandbox
High
CVE-2023-35926
was published
for
@backstage/plugin-scaffolder-backend
(npm)
Jun 21, 2023
jsreport vulnerable to code injection
Critical
CVE-2023-2583
was published
for
jsreport
(npm)
May 8, 2023
builderio/qwik is vulnerable to code injection
Critical
CVE-2023-1283
was published
for
@builder.io/qwik
(npm)
Mar 9, 2023
SketchSVG Arbitrary Code Injection vulnerability
High
CVE-2023-26107
was published
for
sketchsvg
(npm)
Mar 6, 2023
Eta vulnerable to Code Injection via templates rendered with user-defined data
High
CVE-2022-25967
was published
for
eta
(npm)
Jan 30, 2023
dustjs-linkedin vulnerable to Prototype Pollution
High
CVE-2021-4264
was published
for
dustjs-linkedin
(npm)
Dec 21, 2022
vm2 vulnerable to Arbitrary Code Execution
Critical
CVE-2022-25893
was published
for
vm2
(npm)
Dec 21, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Critical
CVE-2020-36618
was published
for
whois
(npm)
Dec 19, 2022
Withdrawn: Octocat.js vulnerable to code injection
High
CVE-2022-39390
was published
for
octocat.js
(npm)
Nov 8, 2022
•
withdrawn
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Low
CVE-2022-36036
was published
for
mdx-mermaid
(npm)
Aug 31, 2022
@pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution
Critical
CVE-2022-25644
was published
for
@pendo324/get-process-by-name
(npm)
Aug 29, 2022
morgan-json vulnerable to Arbitrary Code Execution
Critical
CVE-2022-25921
was published
for
morgan-json
(npm)
Aug 29, 2022
ProTip!
Advisories are also available from the
GraphQL API