GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
307 advisories
Filter by severity
PyTorch vulnerable to arbitrary code execution
Critical
CVE-2022-45907
was published
for
torch
(pip)
Nov 26, 2022
curljs Command Injection vulnerability
Critical
CVE-2020-28425
was published
for
curljs
(npm)
Aug 3, 2022
node-latex-pdf is susceptible to command injection
Critical
CVE-2020-28433
was published
for
node-latex-pdf
(npm)
Aug 3, 2022
image-tiler susceptible to command injection
Critical
CVE-2020-28451
was published
for
image-tiler
(npm)
Aug 3, 2022
gitblame susceptible to command injection
Critical
CVE-2020-28434
was published
for
gitblame
(npm)
Aug 3, 2022
heroku-env susceptible to command injection
Critical
CVE-2020-28437
was published
for
heroku-env
(npm)
Aug 3, 2022
get-npm-package-version Command Injection vulnerability
Critical
CVE-2020-7795
was published
for
get-npm-package-version
(npm)
Aug 3, 2022
Command Injection in Apache James
Moderate
CVE-2021-38542
was published
for
org.apache.james:james-server
(Maven)
Jan 8, 2022
Command injection in mail agent settings
High
CVE-2021-37708
was published
for
shopware/core
(Composer)
Aug 30, 2021
Command injection in Apache DolphinScheduler Alert Plugins
Critical
CVE-2022-45462
was published
for
org.apache.dolphinscheduler:dolphinscheduler-alert-plugins
(Maven)
Nov 23, 2022
NuProcess vulnerable to command-line injection through insertion of NUL character(s)
High
CVE-2022-39243
was published
for
com.zaxxer:nuprocess
(Maven)
Sep 30, 2022
wifey vulnerable to Command Injection due to improper input sanitization
Critical
CVE-2022-25890
was published
for
wifey
(npm)
Jan 9, 2023
global-modules-path Command Injection vulnerability
Critical
CVE-2022-21191
was published
for
global-modules-path
(npm)
Jan 13, 2023
Apache Airflow Hive Provider vulnerable to Command Injection
Critical
CVE-2022-46421
was published
for
apache-airflow-providers-apache-hive
(pip)
Dec 20, 2022
deferred-exec Command Injection vulnerability
Critical
CVE-2020-28438
was published
for
deferred-exec
(npm)
Jul 26, 2022
ffmpeg-sdk vulnerable to OS Command Injection
Critical
CVE-2020-28435
was published
for
ffmpeg-sdk
(npm)
Jul 26, 2022
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath)
Critical
CVE-2020-28447
was published
for
xopen
(npm)
Jul 26, 2022
git-archive vulnerable to Command Injection via exports function
High
CVE-2020-28422
was published
for
git-archive
(npm)
Jul 26, 2022
ntesseract vulnerable to Command Injection
Critical
CVE-2020-28446
was published
for
ntesseract
(npm)
Jul 26, 2022
sonar-wrapper Command Injection vulnerability
Critical
CVE-2020-28443
was published
for
sonar-wrapper
(npm)
Jul 26, 2022
google-cloudstorage-commands Command Injection vulnerability
Critical
CVE-2020-28436
was published
for
google-cloudstorage-commands
(npm)
Jul 26, 2022
Improper Neutralization of Special Elements used in a Command in FitNesse Wiki
High
CVE-2014-1216
was published
for
org.fitnesse:fitnesse
(Maven)
May 17, 2022
Improper Neutralization of Special Elements used in a Command in Apache Cassandra
High
CVE-2015-0225
was published
for
org.apache.cassandra:apache-cassandra
(Maven)
May 14, 2022
Command injection in czproject/git-php
High
CVE-2022-25866
was published
for
czproject/git-php
(Composer)
Apr 26, 2022
OS Command Injection in git-pull-or-clone
Critical
CVE-2022-24437
was published
for
git-pull-or-clone
(npm)
May 3, 2022
ProTip!
Advisories are also available from the
GraphQL API