GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
88 advisories
Filter by severity
Command injection in ts-process-promises
Critical
CVE-2020-7784
was published
for
ts-process-promises
(npm)
Jan 13, 2021
Command injection in samba-client
Critical
CVE-2021-27185
was published
for
samba-client
(npm)
Feb 11, 2021
Command injection in wc-cmd
Critical
CVE-2020-28431
was published
for
wc-cmd
(npm)
Mar 19, 2021
•
withdrawn
Code injection in kill-process-by-name
Critical
CVE-2021-23356
was published
for
kill-process-by-name
(npm)
Mar 19, 2021
Command injection in eslint-fixer
Critical
CVE-2021-26275
was published
for
eslint-fixer
(npm)
Apr 13, 2021
Command Injection in nuance-gulp-build-common
Critical
CVE-2020-28430
was published
for
nuance-gulp-build-common
(npm)
Apr 13, 2021
•
withdrawn
Command injection in launchpad
Critical
CVE-2021-23330
was published
for
launchpad
(npm)
Apr 13, 2021
Command Injection in ffmpegdotjs
Critical
CVE-2021-23376
was published
for
ffmpegdotjs
(npm)
May 6, 2021
Command Injection in onion-oled-js
Critical
CVE-2021-23377
was published
for
onion-oled-js
(npm)
May 7, 2021
Command Injection in ps-visitor
Critical
CVE-2021-23374
was published
for
ps-visitor
(npm)
May 7, 2021
Command Injection in geojson2kml
Critical
CVE-2020-28429
was published
for
geojson2kml
(npm)
May 10, 2021
Command Injection in @ronomon/opened
Critical
CVE-2021-29300
was published
for
@ronomon/opened
(npm)
Jun 8, 2021
Command injection in gitlogplus
Critical
CVE-2021-23412
was published
for
gitlogplus
(npm)
Jul 26, 2021
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36380
was published
for
aaptjs
(npm)
Nov 1, 2021
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36381
was published
for
aaptjs
(npm)
Nov 1, 2021
Vulnerability in list function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36376
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in dump function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36377
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in remove function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36379
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36378
was published
for
aaptjs
(npm)
Nov 2, 2021
Command Injection in node-windows
Critical
CVE-2021-45459
was published
for
node-windows
(npm)
Jan 5, 2022
ProTip!
Advisories are also available from the
GraphQL API