Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

57 advisories

Loading
Jan path traversal vulnerability Critical
CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024
jsonic was discovered to contain a prototype pollution via the function empty. Critical
CVE-2024-38993 was published for jsonic (npm) Jul 1, 2024 withdrawn
wzrdtales
Blackprint @blackprint/engine Prototype Pollution issue Critical
CVE-2024-24294 was published for @blackprint/engine (npm) May 20, 2024
MySQL2 for Node Arbitrary Code Injection Critical
CVE-2024-21511 was published for mysql2 (npm) Apr 23, 2024
Joplin Vulnerable to Code Injection Critical
CVE-2022-23340 was published for joplin (npm) Feb 9, 2022
convert-svg-core vulnerable to remote code injection Critical
CVE-2022-25759 was published for convert-svg-core (npm) Jul 23, 2022
mysql2 Remote Code Execution (RCE) via the readCodeFor function Critical
CVE-2024-21508 was published for mysql2 (npm) Apr 11, 2024
Budibase affected by VM2 Constructor Escape Vulnerability Critical
GHSA-4g2x-vq5p-5vj6 was published for @budibase/server (npm) Mar 1, 2024
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection Critical
CVE-2020-28502 was published for xmlhttprequest (npm) May 4, 2021
Arbitrary Code Execution in underscore Critical
CVE-2021-23358 was published for underscore (npm) May 6, 2021
rajuc075
Remote code execution in handlebars when compiling templates Critical
CVE-2021-23369 was published for handlebars (Maven) May 6, 2021
westonsteimel
Code injection in fsevents Critical
CVE-2023-45311 was published for fsevents (npm) Oct 6, 2023
Unsafe eval() in summit allows arbitrary code execution Critical
CVE-2017-16020 was published for summit (npm) Sep 1, 2020
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA Critical
CVE-2023-33831 was published for @frangoteam/fuxa (npm) Sep 18, 2023
Duplicate Advisory: tree-kill vulnerable to remote code execution Critical
GHSA-mxq6-vrrr-ppmg was published for tree-kill (npm) May 24, 2022 withdrawn
yasinsd
jsreport vulnerable to code injection Critical
CVE-2023-2583 was published for jsreport (npm) May 8, 2023
vm2 Sandbox Escape vulnerability Critical
CVE-2023-37466 was published for vm2 (npm) Jul 13, 2023
leesh3288
Prototype Pollution leading to Remote Code Execution in superjson Critical
CVE-2022-23631 was published for blitz (npm) Feb 9, 2022
paul-gerste-sonarsource
builderio/qwik is vulnerable to code injection Critical
CVE-2023-1283 was published for @builder.io/qwik (npm) Mar 9, 2023
irisnet-crypto RCE Vulnerability Critical
CVE-2019-9115 was published for irisnet-crypto (npm) May 13, 2022
total.js Remote Code Execution Vulnerability Critical
CVE-2021-23344 was published for total.js (npm) Mar 19, 2021
Chromium Remote Code Execution in electron Critical
CVE-2017-16151 was published for electron (npm) Jul 24, 2018
Code Injection in morgan Critical
CVE-2019-5413 was published for morgan (npm) Mar 25, 2019
Code Injection in cryo Critical
CVE-2018-3784 was published for cryo (npm) Aug 21, 2018
Sandbox Breakout / Arbitrary Code Execution in safe-eval Critical
CVE-2020-7710 was published for safe-eval (npm) Aug 25, 2020
ProTip! Advisories are also available from the GraphQL API