Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

307 advisories

Loading
pydash Command Injection vulnerability High
CVE-2023-26145 was published for pydash (pip) Sep 28, 2023
ruby-saml vulnerable to XPath injection Critical
CVE-2015-20108 was published for ruby-saml (RubyGems) May 27, 2023
RaspAP raspap-webgui Command Injection vulnerability High
CVE-2023-30260 was published for billz/raspap-webgui (Composer) Jun 23, 2023
Snowflake Golang Driver vulnerable to Command Injection High
CVE-2023-34231 was published for github.com/snowflakedb/gosnowflake (Go) Jun 9, 2023
Snowflake NodeJS Driver vulnerable to Command Injection High
CVE-2023-34232 was published for snowflake-sdk (npm) Jun 9, 2023
Snowflake Connector .Net Command Injection High
CVE-2023-34230 was published for Snowflake.Data (NuGet) Jun 9, 2023
Snowflake Python Connector vulnerable to Command Injection High
CVE-2023-34233 was published for snowflake-connector-python (pip) Jun 9, 2023
node-qpdf vulnerable to command injection High
CVE-2023-26155 was published for node-qpdf (npm) Oct 14, 2023
ScanCode.io command injection in docker image fetch process Moderate
CVE-2023-39523 was published for scancodeio (pip) Aug 9, 2023
0xmpij
systeminformation SSID Command Injection Vulnerability Critical
CVE-2023-42810 was published for systeminformation (npm) Sep 21, 2023
Apache Struts RCE Vulnerability High
CVE-2016-3081 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
json-logic-js Command Injection vulnerability Critical
CVE-2021-4329 was published for json-logic-js (npm) Mar 5, 2023
gry vulnerable to Command Injection High
CVE-2020-36650 was published for gry (npm) Jan 11, 2023
OS Command Injection in celery High
CVE-2021-23727 was published for celery (pip) Jan 6, 2022
Command Injection in egg-scripts Critical
CVE-2018-3786 was published for egg-scripts (npm) Sep 17, 2018
tdunlap607
Command Injection in apex-publish-static-files Critical
CVE-2018-16462 was published for apex-publish-static-files (npm) Nov 1, 2018
Command Injection in whereis Critical
CVE-2018-3772 was published for whereis (npm) Jul 31, 2018
ps Enables OS Command Injection Critical
CVE-2018-16460 was published for ps (npm) Sep 17, 2018
Command Injection in nuance-gulp-build-common Critical
CVE-2020-28430 was published for nuance-gulp-build-common (npm) Apr 13, 2021 withdrawn
Command injection in buns Critical
CVE-2020-7794 was published for buns (npm) Jan 13, 2021
Command injection in ts-process-promises Critical
CVE-2020-7784 was published for ts-process-promises (npm) Jan 13, 2021
Command Injection in kill-port High
CVE-2019-5414 was published for kill-port (npm) Mar 25, 2019
Code injection in mock2easy Critical
CVE-2020-7697 was published for mock2easy (npm) May 6, 2021
Command Injection in Simiki Critical
CVE-2020-19001 was published for simiki (pip) Sep 1, 2021
Command Injection in libnmap Moderate
CVE-2018-16461 was published for libnmap (npm) Nov 1, 2018
ProTip! Advisories are also available from the GraphQL API