Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

586 advisories

Loading
Arbitrary Code Injection in mobile-icon-resizer Moderate
GHSA-mxjr-xmcg-fg7w was published for mobile-icon-resizer (npm) Jun 27, 2019
Command Injection in wiki-plugin-datalog High
GHSA-pm52-wwrw-c282 was published for wiki-plugin-datalog (npm) Jun 13, 2019
Remote Code Execution in node-os-utils High
GHSA-j9f8-8h89-j69x was published for node-os-utils (npm) Jun 11, 2019
Command Injection in hot-formula-parser Critical
CVE-2020-6836 was published for hot-formula-parser (npm) May 6, 2020
Prototype Pollution in Dojox Low
CVE-2020-5259 was published for dojox (npm) Mar 10, 2020
Arbitrary JavaScript Execution in bassmaster Critical
CVE-2014-7205 was published for bassmaster (npm) Oct 24, 2017
Potential for Script Injection in syntax-error High
CVE-2014-7192 was published for syntax-error (npm) Oct 24, 2017
RDIL
Arbitrary Code Injection in reduce-css-calc Critical
CVE-2016-10548 was published for reduce-css-calc (npm) Jun 7, 2018
Arbitrary Code Injection in pouchdb Critical
CVE-2016-10546 was published for pouchdb (npm) Jul 26, 2018
Command Injection in dns-sync Critical
CVE-2017-16100 was published for dns-sync (npm) Jul 18, 2018
Sandbox Breakout / Arbitrary Code Execution in static-eval High
GHSA-x9hc-rw35-f44h was published for static-eval (npm) Sep 2, 2020
Arbitrary Code Execution in mathjs Critical
CVE-2017-1001002 was published for mathjs (npm) Dec 18, 2017
Arbitrary JavaScript Execution in typed-function High
CVE-2017-1001004 was published for typed-function (npm) Sep 2, 2020
Code injection in nobelprizeparser Critical
GHSA-4wv4-mgfq-598v was published for nobelprizeparser (npm) Mar 12, 2021
Code Injection in mquery Moderate
CVE-2020-35149 was published for mquery (npm) Dec 18, 2020
Object injection in cookie driver in phpfastcache Moderate
CVE-2019-16774 was published for phpfastcache/phpfastcache (Composer) Dec 12, 2019
Geolim4
Growl before 1.10.0 vulnerable to Command Injection Critical
CVE-2017-16042 was published for growl (npm) Jun 8, 2018
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument Moderate
GHSA-7vcx-v65q-9wpg was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
TatianaGarcia94
Code injection in Narou High
CVE-2021-35514 was published for narou (RubyGems) Jul 2, 2021
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views Critical
CVE-2023-22731 was published for shopware/core (Composer) Jan 17, 2023
Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina Critical
CVE-2023-23619 was published for @asyncapi/modelina (npm) Sep 21, 2021
jonaslagoni
Static Code Injection in Microweber High
CVE-2022-0895 was published for microweber/microweber (Composer) Mar 11, 2022
Server-side Template Injection in nystudio107/craft-seomatic High
CVE-2021-44618 was published for nystudio107/craft-seomatic (Composer) Mar 12, 2022
Code Injection in CRI-O High
CVE-2022-0811 was published for github.com/cri-o/cri-o (Go) Mar 15, 2022
Embedded Malicious Code in node-ipc Critical
CVE-2022-23812 was published for node-ipc (npm) Mar 16, 2022
ProTip! Advisories are also available from the GraphQL API