GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,323
Maven
5,000+
npm
5,000+
NuGet
1,031
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,494
Swift
61
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate
High
CVE-2021-21413
was published
for
isolated-vm
(npm)
Apr 6, 2021
Improper Handling of Unexpected Data Type in ced
High
CVE-2021-39131
was published
for
ced
(npm)
Aug 23, 2021
Command injection in Parse Server through prototype pollution
Critical
CVE-2022-24760
was published
for
parse-server
(npm)
Mar 11, 2022
Denial-of-Service when binding invalid parameters in sqlite3
High
CVE-2022-21227
was published
for
sqlite3
(npm)
Apr 28, 2022
happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript
Critical
CVE-2025-62410
was published
for
happy-dom
(npm)
Oct 15, 2025
tinacms is vulnerable to arbitrary code execution
High
CVE-2025-68278
was published
for
@tinacms/cli
(npm)
Dec 18, 2025
locutus is vulnerable to Prototype Pollution
Critical
CVE-2026-25521
was published
for
locutus
(npm)
Feb 2, 2026
n8n Has Expression Escape Vulnerability Leading to RCE
Critical
CVE-2026-25049
was published
for
n8n
(npm)
Feb 4, 2026
Sandbox escape via infinite recursion and error objects
Moderate
CVE-2026-25533
was published
for
@enclave-vm/core
(npm)
Feb 5, 2026
@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses
Critical
CVE-2026-25641
was published
for
@nyariv/sandboxjs
(npm)
Feb 5, 2026
Ghost Vulnerable to Remote Code Execution via Malicious Themes
High
CVE-2026-29053
was published
for
ghost
(npm)
Mar 3, 2026
Arbitrary code execution in protobufjs
Critical
CVE-2026-41242
was published
for
protobufjs
(npm)
Apr 16, 2026
ProTip!
Advisories are also available from the
GraphQL API