Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

271 advisories

Loading
Command Injection in wiki-plugin-datalog High
GHSA-pm52-wwrw-c282 was published for wiki-plugin-datalog (npm) Jun 13, 2019
Remote Code Execution in node-os-utils High
GHSA-j9f8-8h89-j69x was published for node-os-utils (npm) Jun 11, 2019
Potential for Script Injection in syntax-error High
CVE-2014-7192 was published for syntax-error (npm) Oct 24, 2017
RDIL
Sandbox Breakout / Arbitrary Code Execution in static-eval High
GHSA-x9hc-rw35-f44h was published for static-eval (npm) Sep 2, 2020
Arbitrary JavaScript Execution in typed-function High
CVE-2017-1001004 was published for typed-function (npm) Sep 2, 2020
Code injection in Narou High
CVE-2021-35514 was published for narou (RubyGems) Jul 2, 2021
Server-side Template Injection in nystudio107/craft-seomatic High
CVE-2021-44618 was published for nystudio107/craft-seomatic (Composer) Mar 12, 2022
Static Code Injection in Microweber High
CVE-2022-0895 was published for microweber/microweber (Composer) Mar 11, 2022
Code Injection in CRI-O High
CVE-2022-0811 was published for github.com/cri-o/cri-o (Go) Mar 15, 2022
Code injection in accesslog High
CVE-2022-25760 was published for accesslog (npm) Mar 18, 2022
Code Injection in Bolt CMS High
CVE-2021-40219 was published for bolt/core (Composer) Apr 12, 2022
PHPMailer susceptible to arbitrary code execution High
CVE-2008-5619 was published for phpmailer/phpmailer (Composer) May 14, 2022
jhutchings1
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
Prototype pollution in dojo High
CVE-2020-5258 was published for dojo (npm) Mar 10, 2020
Improper Control of Generation of Code in doT High
CVE-2020-8141 was published for dot (npm) May 24, 2022
PHP Code Injection by malicious block or filename in Smarty High
CVE-2022-29221 was published for smarty/smarty (Composer) May 25, 2022
altm4n
Code injection via SVG file in convert-svg-core High
CVE-2022-24429 was published for convert-svg-core (npm) Jun 11, 2022
Code injection in Elefant CMS High
CVE-2017-20064 was published for elefant/cms (Composer) Jun 21, 2022
Code injection in grav High
CVE-2022-2073 was published for getgrav/grav (Composer) Jun 30, 2022
Akeneo PIM Community Edition vulnerable to remote php code execution High
CVE-2022-46157 was published for akeneo/pim-community-dev (Composer) Dec 9, 2022
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
Grav's Twig processing allowing dangerous PHP functions by default High
CVE-2021-29440 was published for getgrav/grav (Composer) Apr 16, 2021
thomas-chauchefoin-sonarsource
October CMS Safe Mode bypass leads to authenticated Remote Code Execution High
CVE-2022-35944 was published for october/system (Composer) Oct 13, 2022
cydave daftspunk
run-terraform allows for RCE via terraform plan High
CVE-2022-39326 was published for kartverket/github-workflows (GitHub Actions) Oct 19, 2022
eliihen
October/System authenticated file write leads to remote code execution High
CVE-2021-32649 was published for october/system (Composer) Jan 14, 2022
cydave
ProTip! Advisories are also available from the GraphQL API