Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

155 advisories

Loading
Command injection in kill-process-on-port High
CVE-2020-28426 was published for kill-process-on-port (npm) Mar 19, 2021
Command injection in gitlog Critical
CVE-2021-26541 was published for gitlog (npm) Apr 13, 2021
Command Injection in killport High
CVE-2021-23360 was published for killport (npm) Apr 13, 2021
Command injection in fs-path Critical
CVE-2020-8298 was published for fs-path (npm) Mar 25, 2021
Command Injection Vulnerability in systeminformation High
CVE-2021-21388 was published for systeminformation (npm) Apr 6, 2021
Command injection in wc-cmd Critical
CVE-2020-28431 was published for wc-cmd (npm) Mar 19, 2021 withdrawn
Code injection in port-killer High
CVE-2021-23359 was published for port-killer (npm) Apr 13, 2021
Arbitrary Command Injection in portprocesses Moderate
CVE-2021-23348 was published for portprocesses (npm) Apr 6, 2021
omnitaint
Command injection in eslint-fixer Critical
CVE-2021-26275 was published for eslint-fixer (npm) Apr 13, 2021
Command Injection in @graphql-tools/git-loader High
CVE-2021-23326 was published for @graphql-tools/git-loader (npm) Jan 29, 2021
OS Command Injection and Command Injection in kill-port-process High
CVE-2019-15609 was published for kill-port-process (npm) Feb 10, 2022
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021
Command injection in gitlogplus Critical
CVE-2021-23412 was published for gitlogplus (npm) Jul 26, 2021
Command injection in @diez/generation Low
CVE-2021-32830 was published for @diez/generation (npm) Sep 2, 2021
Code injection in @rkesters/gnuplot Critical
CVE-2021-29369 was published for @rkesters/gnuplot (npm) Feb 10, 2022
Script injection Moderate
CVE-2021-32661 was published for @backstage/plugin-techdocs (npm) Jun 4, 2021
Script injection Moderate
CVE-2021-32660 was published for @backstage/techdocs-common (npm) Jun 4, 2021
Vulnerability in list function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36376 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in dump function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36377 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in remove function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36379 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36378 was published for aaptjs (npm) Nov 2, 2021
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36381 was published for aaptjs (npm) Nov 1, 2021
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters Critical
CVE-2020-36380 was published for aaptjs (npm) Nov 1, 2021
Command injection in workspace-tools Critical
CVE-2022-25865 was published for workspace-tools (npm) May 14, 2022
monorepo-build Command Injection vulnerability Critical
CVE-2020-28423 was published for monorepo-build (npm) Aug 3, 2022
ProTip! Advisories are also available from the GraphQL API