GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
307 advisories
Filter by severity
pydash Command Injection vulnerability
High
CVE-2023-26145
was published
for
pydash
(pip)
Sep 28, 2023
ruby-saml vulnerable to XPath injection
Critical
CVE-2015-20108
was published
for
ruby-saml
(RubyGems)
May 27, 2023
RaspAP raspap-webgui Command Injection vulnerability
High
CVE-2023-30260
was published
for
billz/raspap-webgui
(Composer)
Jun 23, 2023
Snowflake Golang Driver vulnerable to Command Injection
High
CVE-2023-34231
was published
for
github.com/snowflakedb/gosnowflake
(Go)
Jun 9, 2023
Snowflake NodeJS Driver vulnerable to Command Injection
High
CVE-2023-34232
was published
for
snowflake-sdk
(npm)
Jun 9, 2023
Snowflake Connector .Net Command Injection
High
CVE-2023-34230
was published
for
Snowflake.Data
(NuGet)
Jun 9, 2023
Snowflake Python Connector vulnerable to Command Injection
High
CVE-2023-34233
was published
for
snowflake-connector-python
(pip)
Jun 9, 2023
node-qpdf vulnerable to command injection
High
CVE-2023-26155
was published
for
node-qpdf
(npm)
Oct 14, 2023
ScanCode.io command injection in docker image fetch process
Moderate
CVE-2023-39523
was published
for
scancodeio
(pip)
Aug 9, 2023
systeminformation SSID Command Injection Vulnerability
Critical
CVE-2023-42810
was published
for
systeminformation
(npm)
Sep 21, 2023
Apache Struts RCE Vulnerability
High
CVE-2016-3081
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
json-logic-js Command Injection vulnerability
Critical
CVE-2021-4329
was published
for
json-logic-js
(npm)
Mar 5, 2023
Command Injection in egg-scripts
Critical
CVE-2018-3786
was published
for
egg-scripts
(npm)
Sep 17, 2018
Command Injection in apex-publish-static-files
Critical
CVE-2018-16462
was published
for
apex-publish-static-files
(npm)
Nov 1, 2018
Command Injection in nuance-gulp-build-common
Critical
CVE-2020-28430
was published
for
nuance-gulp-build-common
(npm)
Apr 13, 2021
•
withdrawn
Command injection in ts-process-promises
Critical
CVE-2020-7784
was published
for
ts-process-promises
(npm)
Jan 13, 2021
ProTip!
Advisories are also available from the
GraphQL API