GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
156 advisories
Filter by severity
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
High
GHSA-fm76-w8jw-xf8m
was published
for
@saltcorn/plugins-loader
(npm)
Oct 3, 2024
git-shallow-clone OS Command Injection vulnerability
Moderate
CVE-2024-21531
was published
for
git-shallow-clone
(npm)
Oct 1, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
Critical
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
Command Injection Vulnerability
High
CVE-2021-21315
was published
for
systeminformation
(npm)
Feb 16, 2021
Withdrawn Advisory: OS Command Injection in effect
Critical
CVE-2020-7624
was published
for
effect
(npm)
Feb 10, 2022
•
withdrawn
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ZMarkdown
Critical
GHSA-2c83-wfv3-q25f
was published
for
rebber
(npm)
Sep 7, 2021
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases
Moderate
GHSA-rqgv-292v-5qgr
was published
for
renovate
(npm)
Apr 23, 2024
Treekill Enables OS Command Injection
Critical
CVE-2019-15598
was published
for
tree-kill
(npm)
May 24, 2022
PIDUsage Enables OS Command Injection
Critical
CVE-2017-1000220
was published
for
pidusage
(npm)
May 13, 2022
promise-probe OS command injection vulnerability
Critical
CVE-2019-10791
was published
for
promise-probe
(npm)
May 24, 2022
Pedroetb TTS-API OS Command Injection
Critical
CVE-2019-25158
was published
for
tts-api
(npm)
Dec 19, 2023
git-commit-info vulnerable to Command Injection
Critical
CVE-2023-26134
was published
for
git-commit-info
(npm)
Jun 28, 2023
chromedriver Command Injection vulnerability
Moderate
CVE-2023-26156
was published
for
chromedriver
(npm)
Nov 9, 2023
appium-desktop OS Command Injection vulnerability
Critical
CVE-2023-2479
was published
for
appium-desktop
(npm)
May 2, 2023
Command Injection Vulnerability in find-exec
Critical
CVE-2023-40582
was published
for
find-exec
(npm)
Aug 30, 2023
apiconnect-cli-plugins vulnerable to OS Command Injection
Critical
CVE-2020-7633
was published
for
apiconnect-cli-plugins
(npm)
May 24, 2021
Electron vulnerable to remote command execution
High
CVE-2017-12581
was published
for
electron
(npm)
May 17, 2022
Clamscan vulnerable to command injection
High
CVE-2020-7613
was published
for
clamscan
(npm)
May 24, 2022
Command Injection in node-rules
High
GHSA-8whr-v3gm-w8h9
was published
for
node-rules
(npm)
Sep 3, 2020
Command Injection in egg-scripts
Critical
CVE-2018-3786
was published
for
egg-scripts
(npm)
Sep 17, 2018
OS Command Injection in heroku-addonpool
Critical
CVE-2020-7634
was published
for
heroku-addonpool
(npm)
Dec 9, 2021
OS Command Injection in node-prompt-here
Critical
CVE-2020-7602
was published
for
node-prompt-here
(npm)
May 7, 2021
ProTip!
Advisories are also available from the
GraphQL API