Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22 advisories

Loading
Failure to sanitize quotes which can lead to sql injection in squel Critical
GHSA-4qhx-g9wp-g9m6 was published for squel (npm) Jun 14, 2019
Potential Command Injection in hubot-scripts Critical
CVE-2013-7378 was published for hubot-scripts (npm) Aug 31, 2020
Command injection in Parse Server through prototype pollution Critical
CVE-2022-24760 was published for parse-server (npm) Mar 11, 2022
yuske cristianstaicu
musard mtrezza
cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch Critical
CVE-2022-36084 was published for cruddl (npm) Sep 16, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution Critical
CVE-2020-36618 was published for whois (npm) Dec 19, 2022
ejs template injection vulnerability Critical
CVE-2022-29078 was published for ejs (npm) Apr 26, 2022
Shescape vulnerable to insufficient escaping of whitespace Critical
CVE-2022-31180 was published for shescape (npm) Jul 15, 2022
kurt-r2c
Valine code injection vulnerability Critical
CVE-2022-38545 was published for valine (npm) Sep 20, 2022
Command injection in samba-client Critical
CVE-2021-27185 was published for samba-client (npm) Feb 11, 2021
Command Injection in macfromip Critical
CVE-2020-7786 was published for macfromip (npm) Apr 12, 2021
Command injection in spritesheet-js Critical
CVE-2020-7782 was published for spritesheet-js (npm) Apr 13, 2021
Command Injection in compass-compile Critical
CVE-2020-7635 was published for compass-compile (npm) Dec 9, 2021
RDIL
@keystone-6/core's NODE_ENV defaults to development with esbuild Critical
CVE-2022-39382 was published for @keystone-6/core (npm) Nov 3, 2022
acburdine
Potential Command Injection in libnotify Critical
CVE-2013-7381 was published for libnotify (npm) Aug 31, 2020
Node-Traceroute RCE Vulnerability Critical
CVE-2018-21268 was published for traceroute (npm) May 24, 2022
vm2 Sandbox Escape vulnerability Critical
CVE-2023-30547 was published for vm2 (npm) Apr 20, 2023
leesh3288
vm2 Sandbox Escape vulnerability Critical
CVE-2023-32314 was published for vm2 (npm) May 15, 2023
arkark
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin Critical
CVE-2023-22621 was published for @strapi/plugin-email (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
npm package rfc6902 vulnerable to Prototype Pollution Critical
CVE-2021-4245 was published for rfc6902 (npm) Dec 15, 2022
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
Server-Side Template Injection in formio Critical
CVE-2020-28246 was published for formio (npm) Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API