GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
48 advisories
Filter by severity
Remote Code Execution on click of <a> Link in markdown preview
High
CVE-2024-49362
was published
for
joplin
(npm)
Nov 14, 2024
lilconfig Code Injection vulnerability
High
CVE-2024-21537
was published
for
lilconfig
(npm)
Oct 31, 2024
OS Command Injection in Snyk gradle plugin
High
CVE-2024-48964
was published
for
snyk-gradle-plugin
(npm)
Oct 23, 2024
Remote command execution in promptr
High
CVE-2024-46489
was published
for
@ifnotnowwhen/promptr
(npm)
Sep 25, 2024
squirrelly Code Injection vulnerability
High
CVE-2024-40453
was published
for
squirrelly
(npm)
Aug 21, 2024
Badger Database Prototype Pollution
High
CVE-2024-36581
was published
for
@abw/badger-database
(npm)
Jun 17, 2024
javascript-deobfuscator crafted payload can lead to code execution
High
CVE-2024-36120
was published
for
js-deobfuscator
(npm)
Jun 4, 2024
Flowise vulnerable to code injection via api/v1
High
CVE-2024-31621
was published
for
flowise
(npm)
Apr 29, 2024
node-qpdf vulnerable to command injection
High
CVE-2023-26155
was published
for
node-qpdf
(npm)
Oct 14, 2023
Backstage Scaffolder plugin has insecure sandbox
High
CVE-2023-35926
was published
for
@backstage/plugin-scaffolder-backend
(npm)
Jun 21, 2023
SketchSVG Arbitrary Code Injection vulnerability
High
CVE-2023-26107
was published
for
sketchsvg
(npm)
Mar 6, 2023
Eta vulnerable to Code Injection via templates rendered with user-defined data
High
CVE-2022-25967
was published
for
eta
(npm)
Jan 30, 2023
dustjs-linkedin vulnerable to Prototype Pollution
High
CVE-2021-4264
was published
for
dustjs-linkedin
(npm)
Dec 21, 2022
Withdrawn: Octocat.js vulnerable to code injection
High
CVE-2022-39390
was published
for
octocat.js
(npm)
Nov 8, 2022
•
withdrawn
Code injection via SVG file in convert-svg-core
High
CVE-2022-24429
was published
for
convert-svg-core
(npm)
Jun 11, 2022
Obsidian Dataview vulnerable to code injection due to unsafe eval
High
CVE-2021-42057
was published
for
obsidian-dataview
(npm)
May 24, 2022
Improper Control of Generation of Code in doT
High
CVE-2020-8141
was published
for
dot
(npm)
May 24, 2022
Malicious PDF can inject JavaScript into PDF Viewer
High
CVE-2018-5158
was published
for
pdfjs-dist
(npm)
May 14, 2022
Insecure template handling in Express-handlebars
High
CVE-2021-32820
was published
for
express-handlebars
(npm)
Feb 10, 2022
Arbitrary Code Execution in Handlebars
High
CVE-2019-20920
was published
for
handlebars
(npm)
Feb 10, 2022
ProTip!
Advisories are also available from the
GraphQL API