Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

967 advisories

Loading
Remote code execution in broccoli-compass Critical
CVE-2023-27848 was published for broccoli-compass (npm) Apr 24, 2023
Remote code execution in dawnsparks-node-tesseract Critical
CVE-2023-29566 was published for dawnsparks-node-tesseract (npm) Apr 24, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-30547 was published for vm2 (npm) Apr 20, 2023
leesh3288
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin Critical
CVE-2023-22621 was published for @strapi/plugin-email (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly
@nuxtlabs/github-module made Use of Hard-coded Credentials Critical
CVE-2023-2138 was published for @nuxtlabs/github-module (npm) Apr 18, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-29199 was published for vm2 (npm) Apr 12, 2023
leesh3288
safe-eval vulnerable to Prototype Pollution via the safeEval function Critical
CVE-2023-26121 was published for safe-eval (npm) Apr 11, 2023
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization Critical
CVE-2023-26122 was published for safe-eval (npm) Apr 11, 2023
vm2 vulnerable to sandbox escape Critical
CVE-2023-29017 was published for vm2 (npm) Apr 7, 2023
seongil-wi rectcoordsystem
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend Critical
CVE-2023-28444 was published for angular-server-side-configuration (npm) Mar 24, 2023
milo526
code-server vulnerable to Missing Origin Validation in WebSockets Critical
CVE-2023-26114 was published for code-server (npm) Mar 23, 2023
Cross-realm object access in Webpack 5 Critical
CVE-2023-28154 was published for webpack (npm) Mar 13, 2023
Jack-Works 0723Cu
stoqey/gnuplot is vulnerable to command injection Critical
CVE-2021-33360 was published for @stoqey/gnuplot (npm) Mar 10, 2023
node-bluetooth-serial-port is vulnerable to Buffer Overflow via the findSerialPortChannel Critical
CVE-2023-26109 was published for node-bluetooth-serial-port (npm) Mar 9, 2023
builderio/qwik is vulnerable to code injection Critical
CVE-2023-1283 was published for @builder.io/qwik (npm) Mar 9, 2023
json-logic-js Command Injection vulnerability Critical
CVE-2021-4329 was published for json-logic-js (npm) Mar 5, 2023
Sequelize - Default support for “raw attributes” when using parentheses Critical
CVE-2023-22578 was published for @sequelize/core (npm) Feb 24, 2023
Unsafe fall-through in getWhereConditions Critical
CVE-2023-22579 was published for @sequelize/core (npm) Feb 23, 2023
Sequelize vulnerable to SQL Injection via replacements Critical
CVE-2023-25813 was published for sequelize (npm) Feb 22, 2023
ephys
Versionn Command Injection Vulnerability Critical
CVE-2023-25805 was published for versionn (npm) Feb 22, 2023
Duplicate advisory: Sequelize vulnerable to Improper Filtering of Special Elements Critical
GHSA-8mwq-mj73-qv68 was published for @sequelize/core (npm) Feb 16, 2023 withdrawn
nemo-appium vulnerable to OS Command Injection Critical
CVE-2022-21129 was published for nemo-appium (npm) Jan 31, 2023
Command Injection in create-choo-electron Critical
CVE-2022-25908 was published for create-choo-electron (npm) Jan 26, 2023
Remote code execution in simple-git Critical
CVE-2022-25860 was published for simple-git (npm) Jan 26, 2023
ProTip! Advisories are also available from the GraphQL API