Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

41 advisories

Loading
Command Injection Vulnerability High
CVE-2021-21315 was published for systeminformation (npm) Feb 16, 2021
OS Command Injection in ssh2 High
CVE-2020-26301 was published for ssh2 (npm) Sep 21, 2021
Electron vulnerable to remote command execution High
CVE-2017-12581 was published for electron (npm) May 17, 2022
Clamscan vulnerable to command injection High
CVE-2020-7613 was published for clamscan (npm) May 24, 2022
Command Injection in node-rules High
GHSA-8whr-v3gm-w8h9 was published for node-rules (npm) Sep 3, 2020
tdunlap607
trentm/json vulnerable to command injection High
CVE-2020-7712 was published for json (Maven) May 6, 2021
Yarn Improper link resolution before file access (Link Following) High
CVE-2019-10773 was published for yarn (npm) Feb 14, 2020
systeminformation command injection vulnerability High
CVE-2020-7752 was published for systeminformation (npm) Oct 27, 2020
Snyk CLI affected by Command Injection vulnerability High
CVE-2022-40764 was published for snyk (npm) Oct 4, 2022
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol High
CVE-2022-25912 was published for simple-git (npm) Dec 6, 2022
abacus-ext-cmdline vulnerable to Command Injection High
CVE-2022-24431 was published for abacus-ext-cmdline (npm) Dec 21, 2022
p4 vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25171 was published for p4 (npm) Dec 20, 2022
fs-git command injection vulnerability High
CVE-2017-1000451 was published for fs-git (npm) May 13, 2022
Remote Command Execution in reg-keygen-git-hash-plugin High
CVE-2021-32673 was published for reg-keygen-git-hash-plugin (npm) Jun 8, 2021
progfay
OS Command Injection in Strapi High
CVE-2019-19609 was published for strapi (npm) Dec 10, 2021
OS Command Injection in pixl-class High
CVE-2020-7640 was published for pixl-class (npm) Dec 10, 2021
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021
OS Command Injection and Command Injection in kill-port-process High
CVE-2019-15609 was published for kill-port-process (npm) Feb 10, 2022
OS Command Injection in enpeem High
CVE-2019-10801 was published for enpeem (npm) Apr 13, 2021
OS Command Injection in compile-sass High
CVE-2019-10799 was published for compile-sass (npm) Apr 13, 2021
OS Command Injection in serial-number High
CVE-2019-10804 was published for serial-number (npm) Apr 13, 2021
OS Command Injection in systeminformation High
CVE-2020-7778 was published for systeminformation (npm) Feb 9, 2022
OS Command Injection in curling High
CVE-2019-10789 was published for curling (npm) Apr 13, 2021
OS Command Injection in im-metadata High
CVE-2019-10788 was published for im-metadata (npm) Apr 13, 2021
OS Command Injection in im-resize High
CVE-2019-10787 was published for im-resize (npm) Apr 13, 2021
ProTip! Advisories are also available from the GraphQL API