GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
codecov NPM module allows remote attackers to execute arbitrary commands
High
CVE-2020-7597
was published
for
codecov
(npm)
Feb 19, 2020
Electron protocol handler browser vulnerable to Command Injection
High
CVE-2018-1000118
was published
for
electron
(npm)
Mar 26, 2018
Remote Code Execution in electron
High
CVE-2018-1000006
was published
for
electron
(npm)
Jan 23, 2018
Command Injection in git-tags-remote
High
GHSA-gm9x-q798-hmr4
was published
for
git-tags-remote
(npm)
Jul 29, 2020
react-dev-utils on Windows vulnerable to Remote Code Execution
High
CVE-2018-6342
was published
for
react-dev-utils
(npm)
Jan 4, 2019
OS Command Injection in lifion-verify-deps
High
CVE-2021-34078
was published
for
lifion-verify-deps
(npm)
Jun 3, 2022
OS Command Injection in s3-uploader
High
CVE-2021-34084
was published
for
s3-uploader
(npm)
Jun 3, 2022
Command Injection Vulnerability in systeminformation
High
CVE-2021-21388
was published
for
systeminformation
(npm)
Apr 6, 2021
Command injection vulnerability in @prisma/sdk in getPackedPackage function
High
CVE-2021-21414
was published
for
@prisma/sdk
(npm)
Apr 6, 2021
OS Command Injection in im-metadata
High
CVE-2019-10788
was published
for
im-metadata
(npm)
Apr 13, 2021
OS Command Injection in im-resize
High
CVE-2019-10787
was published
for
im-resize
(npm)
Apr 13, 2021
OS Command Injection in systeminformation
High
CVE-2020-7778
was published
for
systeminformation
(npm)
Feb 9, 2022
OS Command Injection in compile-sass
High
CVE-2019-10799
was published
for
compile-sass
(npm)
Apr 13, 2021
OS Command Injection in serial-number
High
CVE-2019-10804
was published
for
serial-number
(npm)
Apr 13, 2021
Injection and Command Injection in devcert
High
CVE-2020-8186
was published
for
devcert
(npm)
May 18, 2021
OS Command Injection and Command Injection in kill-port-process
High
CVE-2019-15609
was published
for
kill-port-process
(npm)
Feb 10, 2022
ProTip!
Advisories are also available from the
GraphQL API