Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

88 advisories

Loading
Command Injection in command-exists Critical
GHSA-cff4-rrq6-h78w was published for command-exists (npm) Jun 3, 2019
tdunlap607
stoqey/gnuplot is vulnerable to command injection Critical
CVE-2021-33360 was published for @stoqey/gnuplot (npm) Mar 10, 2023
Versionn Command Injection Vulnerability Critical
CVE-2023-25805 was published for versionn (npm) Feb 22, 2023
nemo-appium vulnerable to OS Command Injection Critical
CVE-2022-21129 was published for nemo-appium (npm) Jan 31, 2023
Command Injection in create-choo-electron Critical
CVE-2022-25908 was published for create-choo-electron (npm) Jan 26, 2023
Command injection in vagrant.js Critical
CVE-2022-25962 was published for vagrant.js (npm) Jan 26, 2023
monorepo-build Command Injection vulnerability Critical
CVE-2020-28423 was published for monorepo-build (npm) Aug 3, 2022
Command injection in workspace-tools Critical
CVE-2022-25865 was published for workspace-tools (npm) May 14, 2022
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36380 was published for aaptjs (npm) Nov 1, 2021
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36381 was published for aaptjs (npm) Nov 1, 2021
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36378 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in list function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36376 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in dump function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36377 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in remove function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36379 was published for aaptjs (npm) Nov 2, 2021
Code injection in @rkesters/gnuplot Critical
CVE-2021-29369 was published for @rkesters/gnuplot (npm) Feb 10, 2022
Command injection in gitlogplus Critical
CVE-2021-23412 was published for gitlogplus (npm) Jul 26, 2021
Command injection in eslint-fixer Critical
CVE-2021-26275 was published for eslint-fixer (npm) Apr 13, 2021
Command injection in wc-cmd Critical
CVE-2020-28431 was published for wc-cmd (npm) Mar 19, 2021 withdrawn
Command injection in fs-path Critical
CVE-2020-8298 was published for fs-path (npm) Mar 25, 2021
Command injection in gitlog Critical
CVE-2021-26541 was published for gitlog (npm) Apr 13, 2021
Command injection in samba-client Critical
CVE-2021-27185 was published for samba-client (npm) Feb 11, 2021
npos-tesseract Command Injection vulnerability Critical
CVE-2020-28453 was published for npos-tesseract (npm) Aug 3, 2022
Command Injection in pdfinfojs Critical
CVE-2018-3746 was published for pdfinfojs (npm) Jun 7, 2018
gitblame susceptible to command injection Critical
CVE-2020-28434 was published for gitblame (npm) Aug 3, 2022
curljs Command Injection vulnerability Critical
CVE-2020-28425 was published for curljs (npm) Aug 3, 2022
ProTip! Advisories are also available from the GraphQL API