GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,128
Pub
10
RubyGems
838
Rust
792
Swift
34
Unreviewed advisories
All unreviewed
5,000+
140 advisories
Filter by severity
Injection and Command Injection in devcert
High
CVE-2020-8186
was published
for
devcert
(npm)
May 18, 2021
Command Injection Vulnerability in systeminformation
High
CVE-2021-21388
was published
for
systeminformation
(npm)
Apr 6, 2021
Command injection in kill-process-on-port
High
CVE-2020-28426
was published
for
kill-process-on-port
(npm)
Mar 19, 2021
Madge vulnerable to command injection
High
CVE-2021-23352
was published
for
madge
(npm)
Mar 12, 2021
Remote Code Execution in SCIMono
High
CVE-2021-21479
was published
for
com.sap.scimono:scimono-server
(Maven)
Feb 10, 2021
Command Injection in @graphql-tools/git-loader
High
CVE-2021-23326
was published
for
@graphql-tools/git-loader
(npm)
Jan 29, 2021
Command Injection in entitlements
High
GHSA-g8vp-6hv4-m67c
was published
for
entitlements
(npm)
Sep 11, 2020
Command Injection in soletta-dev-app
High
GHSA-8mgg-5x65-m4m4
was published
for
soletta-dev-app
(npm)
Sep 11, 2020
Command Injection in local-devices
High
GHSA-w725-67p7-xv22
was published
for
local-devices
(npm)
Sep 3, 2020
pullit vulnerable to command injection
High
CVE-2018-25083
was published
for
pullit
(npm)
Sep 3, 2020
ProTip!
Advisories are also available from the
GraphQL API