GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,013
Erlang
29
GitHub Actions
16
Go
1,806
Maven
5,000+
npm
3,553
NuGet
632
pip
3,148
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
957 advisories
Filter by severity
Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom
Critical
CVE-2022-37616
was published
for
@xmldom/xmldom
(npm)
Oct 11, 2022
•
withdrawn
isolated-vm has vulnerable CachedDataOptions in API
Critical
CVE-2022-39266
was published
for
isolated-vm
(npm)
Sep 30, 2022
vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host
Critical
CVE-2022-36067
was published
for
vm2
(npm)
Sep 28, 2022
steal vulnerable to Prototype Pollution via alias variable
Critical
CVE-2022-37265
was published
for
steal
(npm)
Sep 21, 2022
Valine code injection vulnerability
Critical
CVE-2022-38545
was published
for
valine
(npm)
Sep 20, 2022
steal vulnerable to Prototype Pollution
Critical
CVE-2022-37258
was published
for
steal
(npm)
Sep 17, 2022
cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch
Critical
CVE-2022-36084
was published
for
cruddl
(npm)
Sep 16, 2022
steal vulnerable to Prototype Pollution via requestedVersion variable
Critical
CVE-2022-37257
was published
for
steal
(npm)
Sep 16, 2022
steal vulnerable to Prototype Pollution via key variable in babel.js
Critical
CVE-2022-37266
was published
for
steal
(npm)
Sep 16, 2022
steal vulnerable to Prototype Pollution via optionName variable
Critical
CVE-2022-37264
was published
for
steal
(npm)
Sep 16, 2022
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Critical
CVE-2022-2900
was published
for
parse-url
(npm)
Sep 15, 2022
Cryptographically weak PRNG in `utils.generateUUID`
Critical
CVE-2022-36045
was published
for
nodebb
(npm)
Aug 30, 2022
@pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution
Critical
CVE-2022-25644
was published
for
@pendo324/get-process-by-name
(npm)
Aug 29, 2022
morgan-json vulnerable to Arbitrary Code Execution
Critical
CVE-2022-25921
was published
for
morgan-json
(npm)
Aug 29, 2022
Font-Converter Vulnerable to Arbitrary Command Injection
Critical
CVE-2022-21165
was published
for
font-converter
(npm)
Aug 29, 2022
Mongoose Vulnerable to Prototype Pollution in Schema Object
Critical
CVE-2022-24304
was published
for
mongoose
(npm)
Aug 27, 2022
React Editable Json Tree vulnerable to arbitrary code execution via function parsing
Critical
CVE-2022-36010
was published
for
react-editable-json-tree
(npm)
Aug 18, 2022
loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
Critical
CVE-2022-35942
was published
for
loopback-connector-postgresql
(npm)
Aug 11, 2022
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution
Critical
CVE-2022-25907
was published
for
ts-deepmerge
(npm)
Aug 10, 2022
@acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization
Critical
CVE-2022-21186
was published
for
@acrontum/filesystem-template
(npm)
Aug 6, 2022
Raneto v0.17.0 employs weak password complexity requirements
Critical
CVE-2022-35143
was published
for
raneto
(npm)
Aug 5, 2022
image-tiler susceptible to command injection
Critical
CVE-2020-28451
was published
for
image-tiler
(npm)
Aug 3, 2022
curljs Command Injection vulnerability
Critical
CVE-2020-28425
was published
for
curljs
(npm)
Aug 3, 2022
get-npm-package-version Command Injection vulnerability
Critical
CVE-2020-7795
was published
for
get-npm-package-version
(npm)
Aug 3, 2022
heroku-env susceptible to command injection
Critical
CVE-2020-28437
was published
for
heroku-env
(npm)
Aug 3, 2022
ProTip!
Advisories are also available from the
GraphQL API