GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
129 advisories
Filter by severity
Improper Control of Generation of Code in doT
High
CVE-2020-8141
was published
for
dot
(npm)
May 24, 2022
Duplicate Advisory: tree-kill vulnerable to remote code execution
Critical
GHSA-mxq6-vrrr-ppmg
was published
for
tree-kill
(npm)
May 24, 2022
•
withdrawn
Malicious PDF can inject JavaScript into PDF Viewer
High
CVE-2018-5158
was published
for
pdfjs-dist
(npm)
May 14, 2022
irisnet-crypto RCE Vulnerability
Critical
CVE-2019-9115
was published
for
irisnet-crypto
(npm)
May 13, 2022
Embedded Malicious Code in node-ipc
Critical
CVE-2022-23812
was published
for
node-ipc
(npm)
Mar 16, 2022
Insecure template handling in Express-handlebars
High
CVE-2021-32820
was published
for
express-handlebars
(npm)
Feb 10, 2022
Arbitrary Code Execution in Handlebars
High
CVE-2019-20920
was published
for
handlebars
(npm)
Feb 10, 2022
Prototype Pollution leading to Remote Code Execution in superjson
Critical
CVE-2022-23631
was published
for
blitz
(npm)
Feb 9, 2022
Joplin Vulnerable to Code Injection
Critical
CVE-2022-23340
was published
for
joplin
(npm)
Feb 9, 2022
Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina
Critical
CVE-2023-23619
was published
for
@asyncapi/modelina
(npm)
Sep 21, 2021
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs
Moderate
CVE-2021-32822
was published
for
hbs
(npm)
Sep 2, 2021
Code injection issue for java-spring-cloud-stream-template
High
CVE-2021-37694
was published
for
@asyncapi/java-spring-cloud-stream-template
(npm)
Aug 25, 2021
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
Moderate
CVE-2021-32809
was published
for
ckeditor4
(npm)
Aug 23, 2021
Remote Command Execution in reg-keygen-git-hash-plugin
High
CVE-2021-32673
was published
for
reg-keygen-git-hash-plugin
(npm)
Jun 8, 2021
Code Injection in node-extend
Critical
CVE-2020-7673
was published
for
node-extend
(npm)
May 17, 2021
ProTip!
Advisories are also available from the
GraphQL API