GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
967 advisories
Remote code execution in broccoli-compass
Critical • CVE-2023-27848 was published for broccoli-compass (npm) • Apr 24, 2023

Remote code execution in dawnsparks-node-tesseract
Critical • CVE-2023-29566 was published for dawnsparks-node-tesseract (npm) • Apr 24, 2023

Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Critical • CVE-2023-22621 was published for @strapi/plugin-email (npm) • Apr 19, 2023

@nuxtlabs/github-module made Use of Hard-coded Credentials
Critical • CVE-2023-2138 was published for @nuxtlabs/github-module (npm) • Apr 18, 2023

safe-eval vulnerable to Prototype Pollution via the safeEval function
Critical • CVE-2023-26121 was published for safe-eval (npm) • Apr 11, 2023

safe-eval vulnerable to Sandbox Bypass due to improper input sanitization
Critical • CVE-2023-26122 was published for safe-eval (npm) • Apr 11, 2023

angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
Critical • CVE-2023-28444 was published for angular-server-side-configuration (npm) • Mar 24, 2023

code-server vulnerable to Missing Origin Validation in WebSockets
Critical • CVE-2023-26114 was published for code-server (npm) • Mar 23, 2023

Cross-realm object access in Webpack 5
Critical • CVE-2023-28154 was published for webpack (npm) • Mar 13, 2023

stoqey/gnuplot is vulnerable to command injection
Critical • CVE-2021-33360 was published for @stoqey/gnuplot (npm) • Mar 10, 2023

node-bluetooth is vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation
Critical • CVE-2023-26110 was published for node-bluetooth (npm) • Mar 9, 2023

node-bluetooth-serial-port is vulnerable to Buffer Overflow via the findSerialPortChannel
Critical • CVE-2023-26109 was published for node-bluetooth-serial-port (npm) • Mar 9, 2023

builderio/qwik is vulnerable to code injection
Critical • CVE-2023-1283 was published for @builder.io/qwik (npm) • Mar 9, 2023

json-logic-js Command Injection vulnerability
Critical • CVE-2021-4329 was published for json-logic-js (npm) • Mar 5, 2023

Sequelize - Default support for “raw attributes” when using parentheses
Critical • CVE-2023-22578 was published for @sequelize/core (npm) • Feb 24, 2023

Unsafe fall-through in getWhereConditions
Critical • CVE-2023-22579 was published for @sequelize/core (npm) • Feb 23, 2023

Sequelize vulnerable to SQL Injection via replacements
Critical • CVE-2023-25813 was published for sequelize (npm) • Feb 22, 2023

Versionn Command Injection Vulnerability
Critical • CVE-2023-25805 was published for versionn (npm) • Feb 22, 2023

Duplicate advisory: Sequelize vulnerable to Improper Filtering of Special Elements
Critical • GHSA-8mwq-mj73-qv68 was published for @sequelize/core (npm) • Feb 16, 2023 • withdrawn

nemo-appium vulnerable to OS Command Injection
Critical • CVE-2022-21129 was published for nemo-appium (npm) • Jan 31, 2023

Command Injection in create-choo-electron
Critical • CVE-2022-25908 was published for create-choo-electron (npm) • Jan 26, 2023

Remote code execution in simple-git
Critical • CVE-2022-25860 was published for simple-git (npm) • Jan 26, 2023

ProTip! Advisories are also available from the GraphQL API.