GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
955 advisories
vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host (Critical). CVE-2022-36067 was published for vm2 (npm) on Sep 28, 2022.
steal vulnerable to Prototype Pollution via alias variable (Critical). CVE-2022-37265 was published for steal (npm) on Sep 21, 2022.
Valine code injection vulnerability (Critical). CVE-2022-38545 was published for valine (npm) on Sep 20, 2022.
steal vulnerable to Prototype Pollution (Critical). CVE-2022-37258 was published for steal (npm) on Sep 17, 2022.
cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch (Critical). CVE-2022-36084 was published for cruddl (npm) on Sep 16, 2022.
steal vulnerable to Prototype Pollution via requestedVersion variable (Critical). CVE-2022-37257 was published for steal (npm) on Sep 16, 2022.
steal vulnerable to Prototype Pollution via key variable in babel.js (Critical). CVE-2022-37266 was published for steal (npm) on Sep 16, 2022.
steal vulnerable to Prototype Pollution via optionName variable (Critical). CVE-2022-37264 was published for steal (npm) on Sep 16, 2022.
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url (Critical). CVE-2022-2900 was published for parse-url (npm) on Sep 15, 2022.
Cryptographically weak PRNG in `utils.generateUUID` (Critical). CVE-2022-36045 was published for nodebb (npm) on Aug 30, 2022.
morgan-json vulnerable to Arbitrary Code Execution (Critical). CVE-2022-25921 was published for morgan-json (npm) on Aug 29, 2022.
@pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution (Critical). CVE-2022-25644 was published for @pendo324/get-process-by-name (npm) on Aug 29, 2022.
Font-Converter Vulnerable to Arbitrary Command Injection (Critical). CVE-2022-21165 was published for font-converter (npm) on Aug 29, 2022.
Mongoose Vulnerable to Prototype Pollution in Schema Object (Critical). CVE-2022-24304 was published for mongoose (npm) on Aug 27, 2022.
React Editable Json Tree vulnerable to arbitrary code execution via function parsing (Critical). CVE-2022-36010 was published for react-editable-json-tree (npm) on Aug 18, 2022.
loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter (Critical). CVE-2022-35942 was published for loopback-connector-postgresql (npm) on Aug 11, 2022.
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution (Critical). CVE-2022-25907 was published for ts-deepmerge (npm) on Aug 10, 2022.
@acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization (Critical). CVE-2022-21186 was published for @acrontum/filesystem-template (npm) on Aug 6, 2022.
Raneto v0.17.0 employs weak password complexity requirements (Critical). CVE-2022-35143 was published for raneto (npm) on Aug 5, 2022.
node-latex-pdf is susceptible to command injection (Critical). CVE-2020-28433 was published for node-latex-pdf (npm) on Aug 3, 2022.
get-npm-package-version Command Injection vulnerability (Critical). CVE-2020-7795 was published for get-npm-package-version (npm) on Aug 3, 2022.
curljs Command Injection vulnerability (Critical). CVE-2020-28425 was published for curljs (npm) on Aug 3, 2022.
heroku-env susceptible to command injection (Critical). CVE-2020-28437 was published for heroku-env (npm) on Aug 3, 2022.
image-tiler susceptible to command injection (Critical). CVE-2020-28451 was published for image-tiler (npm) on Aug 3, 2022.
gitblame susceptible to command injection (Critical). CVE-2020-28434 was published for gitblame (npm) on Aug 3, 2022.
Advisories are also available from the GraphQL API.