Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,132
Erlang
29
GitHub Actions
19
Go
1,937
Maven
5,000+
npm
3,676
NuGet
642
pip
3,292
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

964 advisories

Loading
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA Critical
CVE-2023-33831 was published for @frangoteam/fuxa (npm) Sep 18, 2023
Command Injection Vulnerability in find-exec Critical
CVE-2023-40582 was published for find-exec (npm) Aug 30, 2023
miguelafmonteiro
tree-kit Prototype Pollution vulnerability Critical
CVE-2023-38894 was published for tree-kit (npm) Aug 17, 2023
external-svg-loader Cross-site Scripting vulnerability Critical
CVE-2023-40013 was published for external-svg-loader (npm) Aug 14, 2023
r00tdaemon
MrSwitch hello.js vulnerable to prototype pollution Critical
CVE-2021-26505 was published for hellojs (npm) Aug 11, 2023
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution Critical
CVE-2023-39532 was published for ses (npm) Aug 9, 2023
corrideat
Soketi was exposed to Sandbox Escape vulnerability via vm2 Critical
GHSA-g6w6-h933-4rc5 was published for @soketi/soketi (npm) Aug 3, 2023
Anyone with a share link can RESET all website data in Umami Critical
GHSA-8www-cffh-4q98 was published for umami (npm) Jul 28, 2023
GuyGoldenberg
Path traversal and code execution via prototype vulnerability Critical
CVE-2023-26045 was published for nodebb (npm) Jul 25, 2023
starinfar
Mongoose Prototype Pollution vulnerability Critical
CVE-2023-3696 was published for mongoose (npm) Jul 17, 2023
CleverTap Cordova plugin vulnerable to Cross-site Scripting Critical
CVE-2023-2507 was published for clevertap-cordova (npm) Jul 15, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-37466 was published for vm2 (npm) Jul 13, 2023
leesh3288
vm2 Sandbox Escape vulnerability Critical
CVE-2023-37903 was published for vm2 (npm) Jul 13, 2023
leesh3288
protobufjs Prototype Pollution vulnerability Critical
CVE-2023-36665 was published for protobufjs (npm) Jul 5, 2023
fhoeben stephengroat
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution Critical
CVE-2023-36475 was published for parse-server (npm) Jun 30, 2023
dblythy mtrezza
git-commit-info vulnerable to Command Injection Critical
CVE-2023-26134 was published for git-commit-info (npm) Jun 28, 2023
Malware in pre-build binaries of bignum Critical
GHSA-7cgc-fjv4-52x6 was published for bignum (npm) May 24, 2023
calebbrown rvagg
vm2 Sandbox Escape vulnerability Critical
CVE-2023-32314 was published for vm2 (npm) May 15, 2023
arkark
jsreport vulnerable to code injection Critical
CVE-2023-2583 was published for jsreport (npm) May 8, 2023
appium-desktop OS Command Injection vulnerability Critical
CVE-2023-2479 was published for appium-desktop (npm) May 2, 2023
Potential leak of authentication data to 3rd parties Critical
CVE-2023-30846 was published for typed-rest-client (npm) Apr 27, 2023
yahavi JLLeitschuh
Prototype Pollution in vConsole Critical
CVE-2023-30363 was published for vconsole (npm) Apr 26, 2023
renbaoshuo
Remote code execution in broccoli-compass Critical
CVE-2023-27848 was published for broccoli-compass (npm) Apr 24, 2023
Remote code execution in dawnsparks-node-tesseract Critical
CVE-2023-29566 was published for dawnsparks-node-tesseract (npm) Apr 24, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-30547 was published for vm2 (npm) Apr 20, 2023
leesh3288
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database