Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

47 advisories

Loading
@blakeembrey/template vulnerable to code injection when attacker controls template input High
CVE-2024-45390 was published for @blakeembrey/template (npm) Sep 3, 2024
mcoimbra filipeom
squirrelly Code Injection vulnerability High
CVE-2024-40453 was published for squirrelly (npm) Aug 21, 2024
nuxt Code Injection vulnerability High
CVE-2023-3224 was published for nuxt (npm) Jun 13, 2023
danielroe OhB00
Nuxt vulnerable to remote code execution via the browser when running the test locally High
CVE-2024-34344 was published for nuxt (npm) Aug 5, 2024
Ry0taK
Flowise vulnerable to code injection via api/v1 High
CVE-2024-31621 was published for flowise (npm) Apr 29, 2024
Badger Database Prototype Pollution High
CVE-2024-36581 was published for @abw/badger-database (npm) Jun 17, 2024
javascript-deobfuscator crafted payload can lead to code execution High
CVE-2024-36120 was published for js-deobfuscator (npm) Jun 4, 2024
SteakEnthusiast
Malicious PDF can inject JavaScript into PDF Viewer High
CVE-2018-5158 was published for pdfjs-dist (npm) May 14, 2022
Rob--W
Command Injection in lodash High
CVE-2021-23337 was published for lodash (npm) May 6, 2021
mitchell-codecov nitaiapiiro
ebickle
Arbitrary Code Execution in handlebars High
GHSA-2cf5-4w76-r9qv was published for handlebars (npm) Sep 4, 2020
chalbersma
Command Injection in tree-kill High
CVE-2019-15599 was published for tree-kill (npm) Sep 4, 2020
Code Injection in js-yaml High
GHSA-8j8c-7jfh-h6hx was published for js-yaml (npm) Jun 4, 2019
Arbitrary Code Execution in Handlebars High
CVE-2019-20920 was published for handlebars (npm) Feb 10, 2022
Backstage Scaffolder plugin has insecure sandbox High
CVE-2023-35926 was published for @backstage/plugin-scaffolder-backend (npm) Jun 21, 2023
node-qpdf vulnerable to command injection High
CVE-2023-26155 was published for node-qpdf (npm) Oct 14, 2023
Obsidian Dataview vulnerable to code injection due to unsafe eval High
CVE-2021-42057 was published for obsidian-dataview (npm) May 24, 2022
Code Injection in jsen High
CVE-2020-7777 was published for jsen (npm) Feb 10, 2022
Arbitrary Code Execution in shiba High
CVE-2020-7738 was published for shiba (npm) May 10, 2021
Insecure template handling in Express-handlebars High
CVE-2021-32820 was published for express-handlebars (npm) Feb 10, 2022
Prototype Pollution in decal High
CVE-2020-28450 was published for decal (npm) Apr 13, 2021
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
Content Injection in remarkable High
CVE-2014-10065 was published for remarkable (npm) Aug 31, 2020
tdunlap607
SketchSVG Arbitrary Code Injection vulnerability High
CVE-2023-26107 was published for sketchsvg (npm) Mar 6, 2023
xterm vulnerable to remote code execution High
CVE-2019-0542 was published for xterm (npm) Jan 14, 2019
Churro
Withdrawn: Octocat.js vulnerable to code injection High
CVE-2022-39390 was published for octocat.js (npm) Nov 8, 2022 withdrawn
ProTip! Advisories are also available from the GraphQL API