Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

965 advisories

Loading
Denial of Service in memjs Critical
CVE-2018-3767 was published for memjs (npm) Oct 10, 2018
Out-of-bounds Read in atob Critical
CVE-2018-3745 was published for atob (npm) Oct 9, 2018
Prototype Pollution in deep-extend Critical
CVE-2018-3750 was published for deep-extend (npm) Oct 9, 2018
Verification Bypass in jsonwebtoken Critical
CVE-2015-9235 was published for jsonwebtoken (npm) Oct 9, 2018
Prototype Pollution in merge-options Critical
CVE-2018-3752 was published for merge-options (npm) Oct 9, 2018
Prototype Pollution in async merge-object Critical
CVE-2018-3753 was published for merge-object (npm) Sep 18, 2018
Prototype Pollution in merge-recursive Critical
CVE-2018-3751 was published for merge-recursive (npm) Sep 18, 2018
Path Traversal in html-pages Critical
CVE-2018-3744 was published for html-pages (npm) Sep 18, 2018
ps Enables OS Command Injection Critical
CVE-2018-16460 was published for ps (npm) Sep 17, 2018
Command Injection in egg-scripts Critical
CVE-2018-3786 was published for egg-scripts (npm) Sep 17, 2018
tdunlap607
Insufficient Entropy in cryptiles Critical
CVE-2018-1000620 was published for cryptiles (npm) Sep 11, 2018
jkmartindale
Sensitive Data Exposure in msrcrypto Critical
CVE-2018-8319 was published for msrcrypto (npm) Sep 10, 2018
Command Injection in macaddress Critical
CVE-2018-13797 was published for macaddress (npm) Sep 6, 2018
Privilege Escalation due to Blind NoSQL Injection in flintcms Critical
CVE-2018-3783 was published for flintcms (npm) Aug 21, 2018
Command Injection in git-dummy-commit Critical
CVE-2018-3785 was published for git-dummy-commit (npm) Aug 21, 2018
Code Injection in cryo Critical
CVE-2018-3784 was published for cryo (npm) Aug 21, 2018
Open Redirect in url-parse Critical
CVE-2018-3774 was published for url-parse (npm) Aug 13, 2018
Command Injection in whereis Critical
CVE-2018-3772 was published for whereis (npm) Jul 31, 2018
Denial of Service in https-proxy-agent Critical
CVE-2018-3739 was published for https-proxy-agent (npm) Jul 27, 2018
kurt-r2c
Critical severity vulnerability that affects dns-sync Critical
GHSA-wxvm-fh75-mpgr was published for dns-sync (npm) Jul 26, 2018 withdrawn
Arbitrary Code Injection in pouchdb Critical
CVE-2016-10546 was published for pouchdb (npm) Jul 26, 2018
Chromium Remote Code Execution in electron Critical
CVE-2017-16151 was published for electron (npm) Jul 24, 2018
Remote Code Execution in pg Critical
CVE-2017-16082 was published for pg (npm) Jul 24, 2018
Sandbox Breakout in safe-eval Critical
CVE-2017-16088 was published for safe-eval (npm) Jul 18, 2018
Command Injection in dns-sync Critical
CVE-2017-16100 was published for dns-sync (npm) Jul 18, 2018
ProTip! Advisories are also available from the GraphQL API