GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
155 advisories
Filter by severity
Command Injection Vulnerability in systeminformation
High
CVE-2021-21388
was published
for
systeminformation
(npm)
Apr 6, 2021
Command injection in kill-process-on-port
High
CVE-2020-28426
was published
for
kill-process-on-port
(npm)
Mar 19, 2021
Command injection in samba-client
Critical
CVE-2021-27185
was published
for
samba-client
(npm)
Feb 11, 2021
Environment Variable Injection in GitHub Actions
Low
CVE-2020-15228
was published
for
@actions/core
(npm)
Oct 1, 2020
Command injection in node-dns-sync
High
CVE-2020-11079
was published
for
dns-sync
(npm)
May 28, 2020
OS Command Injection in git-promise
High
CVE-2022-24376
was published
for
git-promise
(npm)
Jun 11, 2022
npos-tesseract Command Injection vulnerability
Critical
CVE-2020-28453
was published
for
npos-tesseract
(npm)
Aug 3, 2022
@actions/core has Delimiter Injection Vulnerability in exportVariable
Moderate
CVE-2022-35954
was published
for
@actions/core
(npm)
Aug 18, 2022
curljs Command Injection vulnerability
Critical
CVE-2020-28425
was published
for
curljs
(npm)
Aug 3, 2022
gitblame susceptible to command injection
Critical
CVE-2020-28434
was published
for
gitblame
(npm)
Aug 3, 2022
node-latex-pdf is susceptible to command injection
Critical
CVE-2020-28433
was published
for
node-latex-pdf
(npm)
Aug 3, 2022
image-tiler susceptible to command injection
Critical
CVE-2020-28451
was published
for
image-tiler
(npm)
Aug 3, 2022
heroku-env susceptible to command injection
Critical
CVE-2020-28437
was published
for
heroku-env
(npm)
Aug 3, 2022
get-npm-package-version Command Injection vulnerability
Critical
CVE-2020-7795
was published
for
get-npm-package-version
(npm)
Aug 3, 2022
wifey vulnerable to Command Injection due to improper input sanitization
Critical
CVE-2022-25890
was published
for
wifey
(npm)
Jan 9, 2023
global-modules-path Command Injection vulnerability
Critical
CVE-2022-21191
was published
for
global-modules-path
(npm)
Jan 13, 2023
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath)
Critical
CVE-2020-28447
was published
for
xopen
(npm)
Jul 26, 2022
ffmpeg-sdk vulnerable to OS Command Injection
Critical
CVE-2020-28435
was published
for
ffmpeg-sdk
(npm)
Jul 26, 2022
deferred-exec Command Injection vulnerability
Critical
CVE-2020-28438
was published
for
deferred-exec
(npm)
Jul 26, 2022
git-archive vulnerable to Command Injection via exports function
High
CVE-2020-28422
was published
for
git-archive
(npm)
Jul 26, 2022
ntesseract vulnerable to Command Injection
Critical
CVE-2020-28446
was published
for
ntesseract
(npm)
Jul 26, 2022
ProTip!
Advisories are also available from the
GraphQL API