GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
160 advisories
Filter by severity
OS Command Injection in git-add-remote
Critical
CVE-2020-7630
was published
for
git-add-remote
(npm)
Feb 10, 2022
OS Command Injection in node-key-sender
Critical
CVE-2020-7627
was published
for
node-key-sender
(npm)
Feb 10, 2022
Withdrawn Advisory: OS Command Injection in effect
Critical
CVE-2020-7624
was published
for
effect
(npm)
Feb 10, 2022
•
withdrawn
karma-mojo enables OS Command Injection
Critical
CVE-2020-7626
was published
for
karma-mojo
(npm)
Feb 10, 2022
Code injection in @rkesters/gnuplot
Critical
CVE-2021-29369
was published
for
@rkesters/gnuplot
(npm)
Feb 10, 2022
OS Command Injection in strong-nginx-controller
Critical
CVE-2020-7621
was published
for
strong-nginx-controller
(npm)
Feb 10, 2022
push-dir Enables OS Command Injection
Critical
CVE-2019-10803
was published
for
push-dir
(npm)
Feb 9, 2022
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Critical
CVE-2021-21386
was published
for
APKLeaks
(pip)
Jan 21, 2022
OS Command Injection in diskusage-ng
Critical
CVE-2020-7631
was published
for
diskusage-ng
(npm)
Jan 7, 2022
OS Command Injection in node-mpv
Critical
CVE-2020-7632
was published
for
node-mpv
(npm)
Jan 7, 2022
Gerapy may cause remote code execution
Critical
CVE-2021-43857
was published
for
gerapy
(pip)
Jan 6, 2022
Command injection in github-todos
Critical
CVE-2021-44684
was published
for
github-todos
(npm)
Dec 10, 2021
OS Command Injection in adb-driver
Critical
CVE-2020-7636
was published
for
adb-driver
(npm)
Dec 9, 2021
OS Command Injection in heroku-addonpool
Critical
CVE-2020-7634
was published
for
heroku-addonpool
(npm)
Dec 9, 2021
Command injection in git-it-electron
Critical
CVE-2021-44685
was published
for
git-it-electron
(npm)
Dec 8, 2021
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
Critical
CVE-2021-41243
was published
for
baserproject/basercms
(Composer)
Dec 1, 2021
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36378
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in remove function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36379
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in dump function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36377
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in list function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36376
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36381
was published
for
aaptjs
(npm)
Nov 1, 2021
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36380
was published
for
aaptjs
(npm)
Nov 1, 2021
Command injection leading to Remote Code Execution in Apache Storm
Critical
CVE-2021-38294
was published
for
org.apache.storm:storm
(Maven)
Oct 27, 2021
ProTip!
Advisories are also available from the
GraphQL API