GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
36 advisories
Filter by severity
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Critical
CVE-2024-48914
was published
for
@vendure/asset-server-plugin
(npm)
Oct 15, 2024
Insufficient validation when decoding a Socket.IO packet
Critical
CVE-2022-2421
was published
for
socket.io-parser
(npm)
Oct 26, 2022
Server crashes on invalid Cloud Function or Cloud Job name
Critical
CVE-2024-29027
was published
for
parse-server
(npm)
Mar 19, 2024
Improper Input Validation in Automattic Mongoose
Critical
CVE-2019-17426
was published
for
mongoose
(npm)
Oct 22, 2019
Arbitrary Code Execution in eslint-utils
Critical
CVE-2019-15657
was published
for
eslint-utils
(npm)
Aug 26, 2019
Prototype Pollution in deep-extend
Critical
CVE-2018-3750
was published
for
deep-extend
(npm)
Oct 9, 2018
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
Critical
CVE-2023-39532
was published
for
ses
(npm)
Aug 9, 2023
Etherpad Lite Access Restriction Bypass
Critical
CVE-2018-6835
was published
for
ep_etherpad-lite
(npm)
May 13, 2022
Remote code execution in mongo-express
Critical
CVE-2020-24391
was published
for
mongodb-query-parser
(npm)
Apr 13, 2021
Prototype Pollution in merge-recursive
Critical
CVE-2018-3751
was published
for
merge-recursive
(npm)
Sep 18, 2018
ejs is vulnerable to remote code execution due to weak input validation
Critical
CVE-2017-1000228
was published
for
ejs
(npm)
Nov 30, 2017
isolated-vm has vulnerable CachedDataOptions in API
Critical
CVE-2022-39266
was published
for
isolated-vm
(npm)
Sep 30, 2022
Nuclide Improper Input Validation
Critical
CVE-2018-6333
was published
for
nuclide
(npm)
May 13, 2022
xmldom allows multiple root nodes in a DOM
Critical
CVE-2022-39353
was published
for
@xmldom/xmldom
(npm)
Nov 1, 2022
Improper parsing of octal bytes in netmask
Critical
CVE-2021-28918
was published
for
netmask
(npm)
Apr 14, 2021
Improper Input Validation in network-manager
Critical
CVE-2019-10786
was published
for
network-manager
(npm)
Apr 13, 2021
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical
CVE-2019-10769
was published
for
safer-eval
(npm)
Dec 11, 2019
Command Injection in npm-programmatic
Critical
CVE-2020-7614
was published
for
npm-programmatic
(npm)
Apr 23, 2020
linux-cmdline is vulnerable to Prototype Pollution via the constructor
Critical
CVE-2020-7704
was published
for
linux-cmdline
(npm)
May 24, 2022
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Critical
CVE-2022-35924
was published
for
next-auth
(npm)
Aug 2, 2022
ProTip!
Advisories are also available from the
GraphQL API