Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

68 advisories

Loading
Failure to sanitize quotes which can lead to sql injection in squel Critical
GHSA-4qhx-g9wp-g9m6 was published for squel (npm) Jun 14, 2019
Remote Code Execution in Angular Expressions High
CVE-2020-5219 was published for angular-expressions (npm) Jan 24, 2020
MaxNad
Potential Command Injection in hubot-scripts Critical
CVE-2013-7378 was published for hubot-scripts (npm) Aug 31, 2020
HTML Injection in preact Moderate
GHSA-cg48-9hh2-x6mx was published for preact (npm) Sep 2, 2020
File upload local preview can run embedded scripts after user interaction Moderate
GHSA-8796-gc9j-63rv was published for matrix-react-sdk (npm) May 17, 2021
MR-ZHEEV
Arbitrary code execution in ExifTool High
GHSA-4whq-r978-2x68 was published for exiftool-vendored (npm) May 4, 2021
boardhead wbowling
Arbitrary Code Execution in json-ptr High
GHSA-rrqv-vjrw-hrcr was published for json-ptr (npm) May 26, 2021
Command injection in Parse Server through prototype pollution Critical
CVE-2022-24760 was published for parse-server (npm) Mar 11, 2022
yuske cristianstaicu
musard mtrezza
Command injection in simple-git High
CVE-2022-24433 was published for simple-git (npm) Mar 12, 2022
Improper handling of multiline messages in node-irc affects matrix-appservice-irc High
CVE-2022-29166 was published for matrix-appservice-irc (npm) May 23, 2022
Command injection in git-parse High
CVE-2021-26543 was published for git-parse (npm) Feb 10, 2022
Prototype pollution in dojo High
CVE-2020-5258 was published for dojo (npm) Mar 10, 2020
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov High
CVE-2020-7596 was published for codecov (npm) May 24, 2022
mmcshinsky-bitgo
cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch Critical
CVE-2022-36084 was published for cruddl (npm) Sep 16, 2022
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
Code injection via SVG file in convert-svg-core High
CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
Command injection in docker-tester High
CVE-2021-34079 was published for docker-tester (npm) Jun 3, 2022
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution Critical
CVE-2020-36618 was published for whois (npm) Dec 19, 2022
Parse Server crashes with query parameter High
CVE-2021-39187 was published for parse-server (npm) Sep 2, 2021
mstniy
ejs template injection vulnerability Critical
CVE-2022-29078 was published for ejs (npm) Apr 26, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur
Shescape vulnerable to insufficient escaping of whitespace Critical
CVE-2022-31180 was published for shescape (npm) Jul 15, 2022
kurt-r2c
Valine code injection vulnerability Critical
CVE-2022-38545 was published for valine (npm) Sep 20, 2022
Denial of Service and Content Injection in i18n-node-angular High
CVE-2016-10524 was published for i18n-node-angular (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API