GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
158 advisories
Filter by severity
Withdrawn Advisory: OS Command Injection in effect
Critical
CVE-2020-7624
was published
for
effect
(npm)
Feb 10, 2022
•
withdrawn
karma-mojo enables OS Command Injection
Critical
CVE-2020-7626
was published
for
karma-mojo
(npm)
Feb 10, 2022
Code injection in @rkesters/gnuplot
Critical
CVE-2021-29369
was published
for
@rkesters/gnuplot
(npm)
Feb 10, 2022
OS Command Injection in strong-nginx-controller
Critical
CVE-2020-7621
was published
for
strong-nginx-controller
(npm)
Feb 10, 2022
push-dir Enables OS Command Injection
Critical
CVE-2019-10803
was published
for
push-dir
(npm)
Feb 9, 2022
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Critical
CVE-2021-21386
was published
for
APKLeaks
(pip)
Jan 21, 2022
OS Command Injection in diskusage-ng
Critical
CVE-2020-7631
was published
for
diskusage-ng
(npm)
Jan 7, 2022
OS Command Injection in node-mpv
Critical
CVE-2020-7632
was published
for
node-mpv
(npm)
Jan 7, 2022
Gerapy may cause remote code execution
Critical
CVE-2021-43857
was published
for
gerapy
(pip)
Jan 6, 2022
Command injection in github-todos
Critical
CVE-2021-44684
was published
for
github-todos
(npm)
Dec 10, 2021
OS Command Injection in adb-driver
Critical
CVE-2020-7636
was published
for
adb-driver
(npm)
Dec 9, 2021
OS Command Injection in heroku-addonpool
Critical
CVE-2020-7634
was published
for
heroku-addonpool
(npm)
Dec 9, 2021
Command injection in git-it-electron
Critical
CVE-2021-44685
was published
for
git-it-electron
(npm)
Dec 8, 2021
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
Critical
CVE-2021-41243
was published
for
baserproject/basercms
(Composer)
Dec 1, 2021
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36378
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in remove function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36379
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in dump function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36377
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in list function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36376
was published
for
aaptjs
(npm)
Nov 2, 2021
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36381
was published
for
aaptjs
(npm)
Nov 1, 2021
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters
Critical
CVE-2020-36380
was published
for
aaptjs
(npm)
Nov 1, 2021
Command injection leading to Remote Code Execution in Apache Storm
Critical
CVE-2021-38294
was published
for
org.apache.storm:storm
(Maven)
Oct 27, 2021
OS Command Injection in node-opencv
Critical
CVE-2019-10061
was published
for
opencv
(npm)
Oct 12, 2021
ProTip!
Advisories are also available from the
GraphQL API