Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

155 advisories

Command Injection Vulnerability in systeminformation High
CVE-2021-21388 was published for systeminformation (npm) Apr 6, 2021
Command injection in fs-path Critical
CVE-2020-8298 was published for fs-path (npm) Mar 25, 2021
Command Injection in killport High
CVE-2021-23360 was published for killport (npm) Apr 13, 2021
Command injection in gitlog Critical
CVE-2021-26541 was published for gitlog (npm) Apr 13, 2021
Command injection in kill-process-on-port High
CVE-2020-28426 was published for kill-process-on-port (npm) Mar 19, 2021
Command injection in samba-client Critical
CVE-2021-27185 was published for samba-client (npm) Feb 11, 2021
Environment Variable Injection in GitHub Actions Low
CVE-2020-15228 was published for @actions/core (npm) Oct 1, 2020
Command injection in node-dns-sync High
CVE-2020-11079 was published for dns-sync (npm) May 28, 2020
OS Command Injection in git-promise High
CVE-2022-24376 was published for git-promise (npm) Jun 11, 2022
lirantal
npos-tesseract Command Injection vulnerability Critical
CVE-2020-28453 was published for npos-tesseract (npm) Aug 3, 2022
Command Injection in pdfinfojs Critical
CVE-2018-3746 was published for pdfinfojs (npm) Jun 7, 2018
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur
curljs Command Injection vulnerability Critical
CVE-2020-28425 was published for curljs (npm) Aug 3, 2022
gitblame susceptible to command injection Critical
CVE-2020-28434 was published for gitblame (npm) Aug 3, 2022
node-latex-pdf is susceptible to command injection Critical
CVE-2020-28433 was published for node-latex-pdf (npm) Aug 3, 2022
image-tiler susceptible to command injection Critical
CVE-2020-28451 was published for image-tiler (npm) Aug 3, 2022
heroku-env susceptible to command injection Critical
CVE-2020-28437 was published for heroku-env (npm) Aug 3, 2022
get-npm-package-version Command Injection vulnerability Critical
CVE-2020-7795 was published for get-npm-package-version (npm) Aug 3, 2022
wifey vulnerable to Command Injection due to improper input sanitization Critical
CVE-2022-25890 was published for wifey (npm) Jan 9, 2023
global-modules-path Command Injection vulnerability Critical
CVE-2022-21191 was published for global-modules-path (npm) Jan 13, 2023
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath) Critical
CVE-2020-28447 was published for xopen (npm) Jul 26, 2022
ffmpeg-sdk vulnerable to OS Command Injection Critical
CVE-2020-28435 was published for ffmpeg-sdk (npm) Jul 26, 2022
deferred-exec Command Injection vulnerability Critical
CVE-2020-28438 was published for deferred-exec (npm) Jul 26, 2022
git-archive vulnerable to Command Injection via exports function High
CVE-2020-28422 was published for git-archive (npm) Jul 26, 2022
ntesseract vulnerable to Command Injection Critical
CVE-2020-28446 was published for ntesseract (npm) Jul 26, 2022
ProTip! Advisories are also available from the GraphQL API