GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
963 advisories
Baobab vulnerable to Prototype Pollution - Critical - CVE-2021-4307 was published for baobab (npm) on Jan 7, 2023
nodebatis SQL Injection vulnerability - Critical - CVE-2018-25066 was published for nodebatis (npm) on Jan 6, 2023
exec-local-bin vulnerable to Command Injection - Critical - CVE-2022-25923 was published for exec-local-bin (npm) on Jan 6, 2023
express-param vulnerable to Improper Handling of Extra Parameters - Critical - CVE-2017-20160 was published for express-param (npm) on Dec 31, 2022
json-pointer vulnerable to Prototype Pollution - Critical - CVE-2022-4742 was published for json-pointer (npm) on Dec 26, 2022
flat vulnerable to Prototype Pollution - Critical - CVE-2020-36632 was published for flat (npm) on Dec 25, 2022
vm2 vulnerable to Arbitrary Code Execution - Critical - CVE-2022-25893 was published for vm2 (npm) on Dec 21, 2022
safe-eval vulnerable to Prototype Pollution - Critical - CVE-2022-25904 was published for safe-eval (npm) on Dec 20, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution - Critical - CVE-2020-36618 was published for whois (npm) on Dec 19, 2022
npm package rfc6902 vulnerable to Prototype Pollution - Critical - CVE-2021-4245 was published for rfc6902 (npm) on Dec 15, 2022
replicator vulnerable to Deserialization of Untrusted Data - Critical - CVE-2021-33420 was published for replicator (npm) on Dec 15, 2022
cycle-import-check vulnerable to Command Injection - Critical - CVE-2022-24377 was published for cycle-import-check (npm) on Dec 14, 2022
NodeBB vulnerable to account takeover via prototype vulnerability - Critical - CVE-2022-46164 was published for nodebb (npm) on Dec 5, 2022
nadesiko3 vulnerable to OS Command Injection - Critical - CVE-2022-42496 was published for nadesiko3 (npm) on Dec 5, 2022
Nadesiko3 OS Command Injection vulnerability - Critical - CVE-2022-41642 was published for nadesiko3 (npm) on Dec 5, 2022
Remote code execution via MongoDB BSON parser through prototype pollution - Critical - CVE-2022-39396 was published for parse-server (npm) on Nov 8, 2022
@keystone-6/core's NODE_ENV defaults to development with esbuild - Critical - CVE-2022-39382 was published for @keystone-6/core (npm) on Nov 3, 2022
xmldom allows multiple root nodes in a DOM - Critical - CVE-2022-39353 was published for @xmldom/xmldom (npm) on Nov 1, 2022
thlorenz browserify-shim vulnerable to prototype pollution - Critical - CVE-2022-37623 was published for browserify-shim (npm) on Oct 31, 2022
thlorenz browserify-shim vulnerable to prototype pollution - Critical - CVE-2022-37621 was published for browserify-shim (npm) on Oct 29, 2022
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution - Critical - CVE-2022-29823 was published for feathers-sequelize (npm) on Oct 26, 2022
feathers-sequelize contains improper input validation leading to SQL injection - Critical - CVE-2022-2422 was published for feathers-sequelize (npm) on Oct 26, 2022
Insufficient validation when decoding a Socket.IO packet - Critical - CVE-2022-2421 was published for socket.io-parser (npm) on Oct 26, 2022
feathers-sequelize vulnerable to SQL injection due to improper parameter filtering - Critical - CVE-2022-29822 was published for feathers-sequelize (npm) on Oct 26, 2022
ProTip! Advisories are also available from the GraphQL API