GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

47 advisories

@blakeembrey/template vulnerable to code injection when attacker controls template input High
CVE-2024-45390 was published for @blakeembrey/template (npm) Sep 3, 2024
mcoimbra filipeom
squirrelly Code Injection vulnerability High
CVE-2024-40453 was published for squirrelly (npm) Aug 21, 2024
Nuxt vulnerable to remote code execution via the browser when running the test locally High
CVE-2024-34344 was published for nuxt (npm) Aug 5, 2024
Ry0taK
Badger Database Prototype Pollution High
CVE-2024-36581 was published for @abw/badger-database (npm) Jun 17, 2024
javascript-deobfuscator crafted payload can lead to code execution High
CVE-2024-36120 was published for js-deobfuscator (npm) Jun 4, 2024
SteakEnthusiast
Flowise vulnerable to code injection via api/v1 High
CVE-2024-31621 was published for flowise (npm) Apr 29, 2024
node-qpdf vulnerable to command injection High
CVE-2023-26155 was published for node-qpdf (npm) Oct 14, 2023
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
Backstage Scaffolder plugin has insecure sandbox High
CVE-2023-35926 was published for @backstage/plugin-scaffolder-backend (npm) Jun 21, 2023
nuxt Code Injection vulnerability High
CVE-2023-3224 was published for nuxt (npm) Jun 13, 2023
danielroe OhB00
SketchSVG Arbitrary Code Injection vulnerability High
CVE-2023-26107 was published for sketchsvg (npm) Mar 6, 2023
Eta vulnerable to Code Injection via templates rendered with user-defined data High
CVE-2022-25967 was published for eta (npm) Jan 30, 2023
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
Withdrawn: Octocat.js vulnerable to code injection High
CVE-2022-39390 was published for octocat.js (npm) Nov 8, 2022 withdrawn
Code injection via SVG file in convert-svg-core High
CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
Obsidian Dataview vulnerable to code injection due to unsafe eval High
CVE-2021-42057 was published for obsidian-dataview (npm) May 24, 2022
Improper Control of Generation of Code in doT High
CVE-2020-8141 was published for dot (npm) May 24, 2022
Malicious PDF can inject JavaScript into PDF Viewer High
CVE-2018-5158 was published for pdfjs-dist (npm) May 14, 2022
Rob--W
Code injection in accesslog High
CVE-2022-25760 was published for accesslog (npm) Mar 18, 2022
Insecure template handling in Express-handlebars High
CVE-2021-32820 was published for express-handlebars (npm) Feb 10, 2022
Arbitrary Code Execution in Handlebars High
CVE-2019-20920 was published for handlebars (npm) Feb 10, 2022
Code Injection in jsen High
CVE-2020-7777 was published for jsen (npm) Feb 10, 2022
Code Injection in pac-resolver High
CVE-2021-23406 was published for degenerator (npm) Sep 2, 2021
seng1e
Code Injection in total.js High
CVE-2021-32831 was published for total.js (npm) Sep 1, 2021
Code injection issue for java-spring-cloud-stream-template High
CVE-2021-37694 was published for @asyncapi/java-spring-cloud-stream-template (npm) Aug 25, 2021
jonaslagoni