GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+
130 advisories
Filter by severity
Command injection in wc-cmd
Critical
CVE-2020-28431
was published
for
wc-cmd
(npm)
Mar 19, 2021
•
withdrawn
Command injection in eslint-fixer
Critical
CVE-2021-26275
was published
for
eslint-fixer
(npm)
Apr 13, 2021
Command injection in gitlogplus
Critical
CVE-2021-23412
was published
for
gitlogplus
(npm)
Jul 26, 2021
Code injection in @rkesters/gnuplot
Critical
CVE-2021-29369
was published
for
@rkesters/gnuplot
(npm)
Feb 10, 2022
Vulnerability in dump function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36377
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in list function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36376
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in remove function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36379
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36378
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36381
was published
for
aaptjs
(npm)
Nov 1, 2021
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36380
was published
for
aaptjs
(npm)
Nov 1, 2021
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Critical
CVE-2023-22884
was published
for
apache-airflow
(pip)
Jan 21, 2023
Command injection in workspace-tools
Critical
CVE-2022-25865
was published
for
workspace-tools
(npm)
May 14, 2022
monorepo-build Command Injection vulnerability
Critical
CVE-2020-28423
was published
for
monorepo-build
(npm)
Aug 3, 2022
Command injection in vagrant.js
Critical
CVE-2022-25962
was published
for
vagrant.js
(npm)
Jan 26, 2023
Command Injection in create-choo-electron
Critical
CVE-2022-25908
was published
for
create-choo-electron
(npm)
Jan 26, 2023
nemo-appium vulnerable to OS Command Injection
Critical
CVE-2022-21129
was published
for
nemo-appium
(npm)
Jan 31, 2023
HashiCorp go-getter command injection
Critical
CVE-2022-26945
was published
for
github.com/hashicorp/go-getter
(Go)
May 26, 2022
Versionn Command Injection Vulnerability
Critical
CVE-2023-25805
was published
for
versionn
(npm)
Feb 22, 2023
Command Injection in thorsten/phpmyfaq
Critical
CVE-2023-0789
was published
for
thorsten/phpmyfaq
(Composer)
Feb 12, 2023
stoqey/gnuplot is vulnerable to command injection
Critical
CVE-2021-33360
was published
for
@stoqey/gnuplot
(npm)
Mar 10, 2023
Command injection in itext7-core
Critical
CVE-2021-43113
was published
for
com.itextpdf:itext7-core
(Maven)
Dec 16, 2021
karo Metacharacter Handling Remote Command Execution
Critical
CVE-2014-10075
was published
for
karo
(RubyGems)
May 14, 2022
Command Injection in command-exists
Critical
GHSA-cff4-rrq6-h78w
was published
for
command-exists
(npm)
Jun 3, 2019
Command Injection in node-windows
Critical
CVE-2021-45459
was published
for
node-windows
(npm)
Jan 5, 2022
ProTip!
Advisories are also available from the
GraphQL API