GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
High
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
git-commit-info vulnerable to Command Injection
High
CVE-2023-26134
was published
for
git-commit-info
(npm)
Jun 28, 2023
OS Command Injection in Snyk gradle plugin
High
CVE-2024-48964
was published
for
snyk-gradle-plugin
(npm)
Oct 23, 2024
OS Command Injection in Snyk php plugin
High
CVE-2024-48963
was published
for
snyk-php-plugin
(npm)
Oct 23, 2024
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
High
GHSA-fm76-w8jw-xf8m
was published
for
@saltcorn/plugins-loader
(npm)
Oct 3, 2024
Command Injection Vulnerability
High
CVE-2021-21315
was published
for
systeminformation
(npm)
Feb 16, 2021
Electron vulnerable to remote command execution
High
CVE-2017-12581
was published
for
electron
(npm)
May 17, 2022
Clamscan vulnerable to command injection
High
CVE-2020-7613
was published
for
clamscan
(npm)
May 24, 2022
Command Injection in node-rules
High
GHSA-8whr-v3gm-w8h9
was published
for
node-rules
(npm)
Sep 3, 2020
trentm/json vulnerable to command injection
High
CVE-2020-7712
was published
for
json
(Maven)
May 6, 2021
Yarn Improper link resolution before file access (Link Following)
High
CVE-2019-10773
was published
for
yarn
(npm)
Feb 14, 2020
systeminformation command injection vulnerability
High
CVE-2020-7752
was published
for
systeminformation
(npm)
Oct 27, 2020
Snyk CLI affected by Command Injection vulnerability
High
CVE-2022-40764
was published
for
snyk
(npm)
Oct 4, 2022
abacus-ext-cmdline vulnerable to Command Injection
High
CVE-2022-24431
was published
for
abacus-ext-cmdline
(npm)
Dec 21, 2022
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
High
CVE-2022-25912
was published
for
simple-git
(npm)
Dec 6, 2022
p4 vulnerable to Command Injection due to improper input sanitization
High
CVE-2022-25171
was published
for
p4
(npm)
Dec 20, 2022
fs-git command injection vulnerability
High
CVE-2017-1000451
was published
for
fs-git
(npm)
May 13, 2022
Remote Command Execution in reg-keygen-git-hash-plugin
High
CVE-2021-32673
was published
for
reg-keygen-git-hash-plugin
(npm)
Jun 8, 2021
OS Command Injection in pixl-class
High
CVE-2020-7640
was published
for
pixl-class
(npm)
Dec 10, 2021
Injection and Command Injection in devcert
High
CVE-2020-8186
was published
for
devcert
(npm)
May 18, 2021
OS Command Injection and Command Injection in kill-port-process
High
CVE-2019-15609
was published
for
kill-port-process
(npm)
Feb 10, 2022
OS Command Injection in serial-number
High
CVE-2019-10804
was published
for
serial-number
(npm)
Apr 13, 2021
ProTip!
Advisories are also available from the
GraphQL API