GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
155 advisories
Filter by severity
sonar-wrapper Command Injection vulnerability
Critical
CVE-2020-28443
was published
for
sonar-wrapper
(npm)
Jul 26, 2022
google-cloudstorage-commands Command Injection vulnerability
Critical
CVE-2020-28436
was published
for
google-cloudstorage-commands
(npm)
Jul 26, 2022
OS Command Injection in git-pull-or-clone
Critical
CVE-2022-24437
was published
for
git-pull-or-clone
(npm)
May 3, 2022
Command injection in npm-dependency-versions
Critical
CVE-2022-29080
was published
for
npm-dependency-versions
(npm)
Apr 13, 2022
Command Injection in @ronomon/opened
Critical
CVE-2021-29300
was published
for
@ronomon/opened
(npm)
Jun 8, 2021
Arbitrary command execution in roar-pidusage
Moderate
CVE-2021-23380
was published
for
roar-pidusage
(npm)
May 6, 2021
Command Injection in ffmpegdotjs
Critical
CVE-2021-23376
was published
for
ffmpegdotjs
(npm)
May 6, 2021
Arbitrary code execution in kill-by-port
Moderate
CVE-2021-23363
was published
for
kill-by-port
(npm)
Apr 13, 2021
Command Injection in ps-visitor
Critical
CVE-2021-23374
was published
for
ps-visitor
(npm)
May 7, 2021
Command Injection in onion-oled-js
Critical
CVE-2021-23377
was published
for
onion-oled-js
(npm)
May 7, 2021
Command injection in launchpad
Critical
CVE-2021-23330
was published
for
launchpad
(npm)
Apr 13, 2021
Code injection in kill-process-by-name
Critical
CVE-2021-23356
was published
for
kill-process-by-name
(npm)
Mar 19, 2021
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
Low
GHSA-jcgr-9698-82jx
was published
for
@floffah/build
(npm)
May 28, 2021
Command Injection in bestzip
Critical
GHSA-4qqc-mp5f-ccv4
was published
for
bestzip
(npm)
Sep 2, 2020
Command Injection in plotter
Critical
GHSA-65xx-c85x-wg76
was published
for
plotter
(npm)
Sep 4, 2020
Command Injection in entitlements
High
GHSA-g8vp-6hv4-m67c
was published
for
entitlements
(npm)
Sep 11, 2020
Command Injection in priest-runner
Critical
GHSA-9px9-f7jw-fwhj
was published
for
priest-runner
(npm)
Sep 3, 2020
ProTip!
Advisories are also available from the
GraphQL API