GitHub Advisory Database
A security vulnerability database that includes CVEs and GitHub-originated security advisories covering open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Reviewed advisory counts by ecosystem (the page displays 5,000+ where a count exceeds 5,000):
All reviewed: 5,000+
Composer: 4,076
Erlang: 29
GitHub Actions: 19
Go: 1,895
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,244
Pub: 10
RubyGems: 862
Rust: 818
Swift: 35
All unreviewed: 5,000+
47 advisories match the current filter. The 16 entries shown on this page are all npm packages and all rated High severity:

Package (npm) | Identifier | Published | Advisory title
@blakeembrey/template | CVE-2024-45390 | Sep 3, 2024 | @blakeembrey/template vulnerable to code injection when attacker controls template input
squirrelly | CVE-2024-40453 | Aug 21, 2024 | squirrelly Code Injection vulnerability
nuxt | CVE-2024-34344 | Aug 5, 2024 | Nuxt vulnerable to remote code execution via the browser when running the test locally
flowise | CVE-2024-31621 | Apr 29, 2024 | Flowise vulnerable to code injection via api/v1
@abw/badger-database | CVE-2024-36581 | Jun 17, 2024 | Badger Database Prototype Pollution
js-deobfuscator | CVE-2024-36120 | Jun 4, 2024 | javascript-deobfuscator crafted payload can lead to code execution
pdfjs-dist | CVE-2018-5158 | May 14, 2022 | Malicious PDF can inject JavaScript into PDF Viewer
handlebars | GHSA-2cf5-4w76-r9qv | Sep 4, 2020 | Arbitrary Code Execution in handlebars
handlebars | CVE-2019-20920 | Feb 10, 2022 | Arbitrary Code Execution in Handlebars
@backstage/plugin-scaffolder-backend | CVE-2023-35926 | Jun 21, 2023 | Backstage Scaffolder plugin has insecure sandbox
node-qpdf | CVE-2023-26155 | Oct 14, 2023 | node-qpdf vulnerable to command injection
obsidian-dataview | CVE-2021-42057 | May 24, 2022 | Obsidian Dataview vulnerable to code injection due to unsafe eval
express-handlebars | CVE-2021-32820 | Feb 10, 2022 | Insecure template handling in Express-handlebars
sketchsvg | CVE-2023-26107 | Mar 6, 2023 | SketchSVG Arbitrary Code Injection vulnerability
xterm | CVE-2019-0542 | Jan 14, 2019 | xterm vulnerable to remote code execution
octocat.js | CVE-2022-39390 (withdrawn) | Nov 8, 2022 | Withdrawn: Octocat.js vulnerable to code injection
Advisories are also available from the GraphQL API.
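The GraphQL API mentioned above can return the same slice of the database this page lists (npm packages, High severity) and, unlike the web listing, gives the vulnerable version range and first patched version per package. The following Python is an added example, not GitHub's own code or tooling: the query follows GitHub's documented securityVulnerabilities connection (ecosystem and severity filters, cursor pagination), the response is flattened into records, and installed versions are checked against the advisory range syntax GitHub uses (comma-separated clauses such as ">= 4.0.0, < 4.0.14"). SAMPLE_RESPONSE, the package names in it (example-template, example-render), their identifiers and ranges are constructed so the block runs offline; fetch_all needs network access and a personal access token.

```python
"""Fetch this page's slice of the GitHub Advisory Database (npm, High) over the
GraphQL API and check installed versions against advisory ranges.  Added example:
the query follows GitHub's documented securityVulnerabilities connection;
SAMPLE_RESPONSE and the package names in it are constructed."""
import json
import operator
import urllib.request

GRAPHQL_URL = "https://api.github.com/graphql"
VULN_QUERY = """
query($ecosystem: SecurityAdvisoryEcosystem!, $severities: [SecurityAdvisorySeverity!],
      $first: Int!, $after: String) {
  securityVulnerabilities(ecosystem: $ecosystem, severities: $severities, first: $first,
                          after: $after, orderBy: {field: UPDATED_AT, direction: DESC}) {
    pageInfo { hasNextPage endCursor }
    nodes {
      advisory { ghsaId summary severity publishedAt withdrawnAt identifiers { type value } }
      package { name ecosystem }
      vulnerableVersionRange
      firstPatchedVersion { identifier }
    }
  }
}"""


def build_request(token, variables):
    # Authenticated POST; public advisory data only needs a token, no special scope.
    body = json.dumps({"query": VULN_QUERY, "variables": variables}).encode()
    return urllib.request.Request(GRAPHQL_URL, data=body, method="POST", headers={
        "Authorization": f"bearer {token}", "Content-Type": "application/json"})


def flatten(page):
    # One flat record per vulnerability node; cve is None for GHSA-only advisories.
    out = []
    for node in page["data"]["securityVulnerabilities"]["nodes"]:
        adv, patched = node["advisory"], node["firstPatchedVersion"]
        out.append({
            "ghsa": adv["ghsaId"],
            "cve": next((i["value"] for i in adv["identifiers"] if i["type"] == "CVE"), None),
            "summary": adv["summary"], "severity": adv["severity"],
            "published": adv["publishedAt"], "withdrawn": adv["withdrawnAt"] is not None,
            "package": node["package"]["name"], "range": node["vulnerableVersionRange"],
            "patched": patched["identifier"] if patched else None})
    return out


def fetch_all(token, ecosystem="NPM", severities=("HIGH",), page_size=100):
    # Walk the cursor-paginated connection (needs network access and a token).
    records, after = [], None
    while True:
        variables = {"ecosystem": ecosystem, "severities": list(severities),
                     "first": page_size, "after": after}
        with urllib.request.urlopen(build_request(token, variables)) as resp:
            page = json.load(resp)
        if "errors" in page:
            raise RuntimeError(page["errors"])
        records.extend(flatten(page))
        info = page["data"]["securityVulnerabilities"]["pageInfo"]
        if not info["hasNextPage"]:
            return records
        after = info["endCursor"]


def _ver(v):
    # Semver-style sort key: numeric core padded to 3 parts, prerelease below release,
    # build metadata after '+' ignored.
    core, _, pre = v.split("+", 1)[0].partition("-")
    nums = tuple(int(p) for p in core.split("."))
    return (nums + (0,) * (3 - len(nums)), 0 if pre else 1, pre)


_OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge, "=": operator.eq}


def is_affected(installed, vulnerable_range):
    # Advisory ranges look like '< 1.2.0' or '>= 4.0.0, < 4.0.14'; every clause must hold.
    v = _ver(installed)
    for clause in vulnerable_range.split(","):
        op, _, bound = clause.strip().partition(" ")
        if op not in _OPS:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not _OPS[op](v, _ver(bound.strip())):
            return False
    return True


def affected_in_lockfile(records, installed):
    # Match flattened advisories against {package: version}; withdrawn advisories are skipped.
    return [(r["package"], r["ghsa"], r["patched"]) for r in records
            if installed.get(r["package"]) and not r["withdrawn"]
            and is_affected(installed[r["package"]], r["range"])]


# Constructed sample page with hypothetical packages so the code runs offline.
SAMPLE_RESPONSE = {"data": {"securityVulnerabilities": {
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [
        {"advisory": {"ghsaId": "GHSA-aaaa-bbbb-cccc", "severity": "HIGH", "withdrawnAt": None,
                      "summary": "example-template: code injection via attacker-controlled template",
                      "publishedAt": "2024-09-03T00:00:00Z",
                      "identifiers": [{"type": "GHSA", "value": "GHSA-aaaa-bbbb-cccc"},
                                      {"type": "CVE", "value": "CVE-0000-00001"}]},
         "package": {"name": "example-template", "ecosystem": "NPM"},
         "vulnerableVersionRange": "< 1.2.0", "firstPatchedVersion": {"identifier": "1.2.0"}},
        {"advisory": {"ghsaId": "GHSA-dddd-eeee-ffff", "severity": "HIGH",
                      "withdrawnAt": "2022-11-10T00:00:00Z", "summary": "example-render: withdrawn",
                      "publishedAt": "2022-11-08T00:00:00Z",
                      "identifiers": [{"type": "GHSA", "value": "GHSA-dddd-eeee-ffff"}]},
         "package": {"name": "example-render", "ecosystem": "NPM"},
         "vulnerableVersionRange": ">= 2.0.0, < 2.3.1", "firstPatchedVersion": None}]}}}
```

Usage: `affected_in_lockfile(flatten(SAMPLE_RESPONSE), {"example-template": "1.1.3"})` reports the hypothetical template package together with the version that fixes it, while the withdrawn entry is ignored even when the installed version falls in its range. With a token in hand, `fetch_all(token)` replaces the sample with the live npm/High slice; pass the versions from a lockfile as the `installed` mapping to get the same matching against real advisories. The version comparison covers the numeric and prerelease forms the advisory ranges use and deliberately rejects any clause syntax it does not recognise rather than guessing.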