GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
88 advisories
Filter by severity
Command Injection in command-exists
Critical
GHSA-cff4-rrq6-h78w
was published
for
command-exists
(npm)
Jun 3, 2019
stoqey/gnuplot is vulnerable to command injection
Critical
CVE-2021-33360
was published
for
@stoqey/gnuplot
(npm)
Mar 10, 2023
Versionn Command Injection Vulnerability
Critical
CVE-2023-25805
was published
for
versionn
(npm)
Feb 22, 2023
nemo-appium vulnerable to OS Command Injection
Critical
CVE-2022-21129
was published
for
nemo-appium
(npm)
Jan 31, 2023
Command Injection in create-choo-electron
Critical
CVE-2022-25908
was published
for
create-choo-electron
(npm)
Jan 26, 2023
Command injection in vagrant.js
Critical
CVE-2022-25962
was published
for
vagrant.js
(npm)
Jan 26, 2023
monorepo-build Command Injection vulnerability
Critical
CVE-2020-28423
was published
for
monorepo-build
(npm)
Aug 3, 2022
Command injection in workspace-tools
Critical
CVE-2022-25865
was published
for
workspace-tools
(npm)
May 14, 2022
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36380
was published
for
aaptjs
(npm)
Nov 1, 2021
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36381
was published
for
aaptjs
(npm)
Nov 1, 2021
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36378
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in list function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36376
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in dump function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36377
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in remove function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36379
was published
for
aaptjs
(npm)
Nov 2, 2021
Code injection in @rkesters/gnuplot
Critical
CVE-2021-29369
was published
for
@rkesters/gnuplot
(npm)
Feb 10, 2022
Command injection in gitlogplus
Critical
CVE-2021-23412
was published
for
gitlogplus
(npm)
Jul 26, 2021
Command injection in eslint-fixer
Critical
CVE-2021-26275
was published
for
eslint-fixer
(npm)
Apr 13, 2021
Command injection in wc-cmd
Critical
CVE-2020-28431
was published
for
wc-cmd
(npm)
Mar 19, 2021
•
withdrawn
Command injection in samba-client
Critical
CVE-2021-27185
was published
for
samba-client
(npm)
Feb 11, 2021
npos-tesseract Command Injection vulnerability
Critical
CVE-2020-28453
was published
for
npos-tesseract
(npm)
Aug 3, 2022
gitblame susceptible to command injection
Critical
CVE-2020-28434
was published
for
gitblame
(npm)
Aug 3, 2022
curljs Command Injection vulnerability
Critical
CVE-2020-28425
was published
for
curljs
(npm)
Aug 3, 2022
ProTip!
Advisories are also available from the
GraphQL API