GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,740
Maven
4,967
npm
3,507
NuGet
609
pip
3,064
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
130 advisories
Filter by severity
Bash command injection in Apache Zeppelin
Critical
CVE-2019-10095
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Sep 7, 2021
Command injection in gitlogplus
Critical
CVE-2021-23412
was published
for
gitlogplus
(npm)
Jul 26, 2021
Command injection in LocalStack
Critical
CVE-2021-32090
was published
for
localstack
(pip)
Jun 18, 2021
Command Injection in @ronomon/opened
Critical
CVE-2021-29300
was published
for
@ronomon/opened
(npm)
Jun 8, 2021
Command Injection in geojson2kml
Critical
CVE-2020-28429
was published
for
geojson2kml
(npm)
May 10, 2021
Command Injection in ps-visitor
Critical
CVE-2021-23374
was published
for
ps-visitor
(npm)
May 7, 2021
Command Injection in onion-oled-js
Critical
CVE-2021-23377
was published
for
onion-oled-js
(npm)
May 7, 2021
Command Injection in ffmpegdotjs
Critical
CVE-2021-23376
was published
for
ffmpegdotjs
(npm)
May 6, 2021
Command injection in launchpad
Critical
CVE-2021-23330
was published
for
launchpad
(npm)
Apr 13, 2021
Command Injection in nuance-gulp-build-common
Critical
CVE-2020-28430
was published
for
nuance-gulp-build-common
(npm)
Apr 13, 2021
•
withdrawn
Command injection in eslint-fixer
Critical
CVE-2021-26275
was published
for
eslint-fixer
(npm)
Apr 13, 2021
Code injection in kill-process-by-name
Critical
CVE-2021-23356
was published
for
kill-process-by-name
(npm)
Mar 19, 2021
Command injection in wc-cmd
Critical
CVE-2020-28431
was published
for
wc-cmd
(npm)
Mar 19, 2021
•
withdrawn
Command injection in samba-client
Critical
CVE-2021-27185
was published
for
samba-client
(npm)
Feb 11, 2021
Command injection in ts-process-promises
Critical
CVE-2020-7784
was published
for
ts-process-promises
(npm)
Jan 13, 2021
Command Injection in traceroute
Critical
GHSA-rjvj-673q-4hfw
was published
for
traceroute
(npm)
Sep 4, 2020
Command Injection in npm-git-publish
Critical
GHSA-49mg-94fc-2fx6
was published
for
npm-git-publish
(npm)
Sep 4, 2020
Command Injection in meta-git
Critical
GHSA-qcff-ffx3-m25c
was published
for
meta-git
(npm)
Sep 4, 2020
ProTip!
Advisories are also available from the
GraphQL API