Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

119 advisories

Loading
Potential for Script Injection in syntax-error High
CVE-2014-7192 was published for syntax-error (npm) Oct 24, 2017
RDIL
Arbitrary JavaScript Execution in bassmaster Critical
CVE-2014-7205 was published for bassmaster (npm) Oct 24, 2017
Arbitrary Code Execution in mathjs Critical
CVE-2017-1001002 was published for mathjs (npm) Dec 18, 2017
Arbitrary Code Injection in reduce-css-calc Critical
CVE-2016-10548 was published for reduce-css-calc (npm) Jun 7, 2018
Growl before 1.10.0 vulnerable to Command Injection Critical
CVE-2017-16042 was published for growl (npm) Jun 8, 2018
Command Injection in dns-sync Critical
CVE-2017-16100 was published for dns-sync (npm) Jul 18, 2018
Remote Code Execution in pg Critical
CVE-2017-16082 was published for pg (npm) Jul 24, 2018
Chromium Remote Code Execution in electron Critical
CVE-2017-16151 was published for electron (npm) Jul 24, 2018
Arbitrary Code Injection in pouchdb Critical
CVE-2016-10546 was published for pouchdb (npm) Jul 26, 2018
Code Injection in cryo Critical
CVE-2018-3784 was published for cryo (npm) Aug 21, 2018
xterm vulnerable to remote code execution High
CVE-2019-0542 was published for xterm (npm) Jan 14, 2019
Churro
Potential Command Injection in shell-quote Critical
CVE-2016-10541 was published for shell-quote (npm) Feb 18, 2019
Code Injection in morgan Critical
CVE-2019-5413 was published for morgan (npm) Mar 25, 2019
Code Injection in js-yaml High
GHSA-8j8c-7jfh-h6hx was published for js-yaml (npm) Jun 4, 2019
Remote Code Execution in node-os-utils High
GHSA-j9f8-8h89-j69x was published for node-os-utils (npm) Jun 11, 2019
Command Injection in wiki-plugin-datalog High
GHSA-pm52-wwrw-c282 was published for wiki-plugin-datalog (npm) Jun 13, 2019
Arbitrary Code Injection in mobile-icon-resizer Moderate
GHSA-mxjr-xmcg-fg7w was published for mobile-icon-resizer (npm) Jun 27, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10760 was published for safer-eval (npm) Oct 17, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10759 was published for safer-eval (npm) Oct 21, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10769 was published for safer-eval (npm) Dec 11, 2019
Command Injection in node-df Critical
CVE-2019-15597 was published for node-df (npm) Feb 14, 2020
Prototype pollution in dojo High
CVE-2020-5258 was published for dojo (npm) Mar 10, 2020
Prototype Pollution in Dojox Low
CVE-2020-5259 was published for dojox (npm) Mar 10, 2020
Command Injection in hot-formula-parser Critical
CVE-2020-6836 was published for hot-formula-parser (npm) May 6, 2020
Command injection in node-dns-sync High
CVE-2020-11079 was published for dns-sync (npm) May 28, 2020
ProTip! Advisories are also available from the GraphQL API