Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,799
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,006
Pub
10
RubyGems
829
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+

54 advisories

MySQL2 for Node Arbitrary Code Injection Critical
CVE-2024-21511 was published for mysql2 (npm) Apr 23, 2024
mysql2 Remote Code Execution (RCE) via the readCodeFor function Critical
CVE-2024-21508 was published for mysql2 (npm) Apr 11, 2024
Budibase affected by VM2 Constructor Escape Vulnerability Critical
GHSA-4g2x-vq5p-5vj6 was published for @budibase/server (npm) Mar 1, 2024
Code injection in fsevents Critical
CVE-2023-45311 was published for fsevents (npm) Oct 6, 2023
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA Critical
CVE-2023-33831 was published for @frangoteam/fuxa (npm) Sep 18, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-37466 was published for vm2 (npm) Jul 13, 2023
leesh3288
jsreport vulnerable to code injection Critical
CVE-2023-2583 was published for jsreport (npm) May 8, 2023
builderio/qwik is vulnerable to code injection Critical
CVE-2023-1283 was published for @builder.io/qwik (npm) Mar 9, 2023
Code injection in electerm Critical
CVE-2020-23256 was published for electerm (npm) Jan 20, 2023
vm2 vulnerable to Arbitrary Code Execution Critical
CVE-2022-25893 was published for vm2 (npm) Dec 21, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution Critical
CVE-2020-36618 was published for whois (npm) Dec 19, 2022
morgan-json vulnerable to Arbitrary Code Execution Critical
CVE-2022-25921 was published for morgan-json (npm) Aug 29, 2022
@pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution Critical
CVE-2022-25644 was published for @pendo324/get-process-by-name (npm) Aug 29, 2022
convert-svg-core vulnerable to remote code injection Critical
CVE-2022-25759 was published for convert-svg-core (npm) Jul 23, 2022
Code Injection in metacalc Critical
CVE-2022-21122 was published for metacalc (npm) Jun 9, 2022
Duplicate Advisory: tree-kill vulnerable to remote code execution Critical
GHSA-mxq6-vrrr-ppmg was published for tree-kill (npm) May 24, 2022 withdrawn
yasinsd
irisnet-crypto RCE Vulnerability Critical
CVE-2019-9115 was published for irisnet-crypto (npm) May 13, 2022
Embedded Malicious Code in node-ipc Critical
CVE-2022-23812 was published for node-ipc (npm) Mar 16, 2022
Prototype Pollution leading to Remote Code Execution in superjson Critical
CVE-2022-23631 was published for blitz (npm) Feb 9, 2022
paul-gerste-sonarsource
Joplin Vulnerable to Code Injection Critical
CVE-2022-23340 was published for joplin (npm) Feb 9, 2022
Code Injection in md-to-pdf. Critical
CVE-2021-23639 was published for md-to-pdf (npm) Dec 16, 2021
Code Injection in node-rules Critical
CVE-2020-7609 was published for node-rules (npm) Dec 10, 2021
Code Injection in total4 Critical
CVE-2021-23390 was published for total4 (npm) Dec 10, 2021
Code Injection in total.js Critical
CVE-2021-23389 was published for total.js (npm) Dec 10, 2021
Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina Critical
CVE-2023-23619 was published for @asyncapi/modelina (npm) Sep 21, 2021
jonaslagoni
ProTip! Advisories are also available from the GraphQL API