Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

158 advisories

Loading
OS Command Injection in devcert-sanscache Critical
CVE-2019-10778 was published for devcert-sanscache (npm) Apr 14, 2020
curlrequest allows execution of arbitrary commands Critical
CVE-2020-7646 was published for curlrequest (npm) May 13, 2020
OS command injection in aws-lambda Critical
CVE-2019-10777 was published for aws-lambda (npm) Feb 14, 2020
OS command injection in git-diff-apply Critical
CVE-2019-10776 was published for git-diff-apply (npm) Feb 14, 2020
Command Injection in macaddress Critical
CVE-2018-13797 was published for macaddress (npm) Sep 6, 2018
Command Injection in Kylin Critical
CVE-2020-13925 was published for org.apache.kylin:kylin-server-base (Maven) Jul 27, 2020
Command Injection in pdf-image Critical
CVE-2018-3757 was published for pdf-image (npm) Sep 1, 2020
OS Command Injection in node-opencv Critical
CVE-2019-10061 was published for opencv (npm) Oct 12, 2021
OS Command Injection in gogs Critical
CVE-2022-1884 was published for gogs.io/gogs (Go) Jun 2, 2022
1135
Growl before 1.10.0 vulnerable to Command Injection Critical
CVE-2017-16042 was published for growl (npm) Jun 8, 2018
Arbitrary Code Execution in require-node Critical
GHSA-8j6j-4h2c-c65p was published for require-node (npm) Sep 3, 2020
thenify before 3.3.1 made use of unsafe calls to `eval`. Critical
CVE-2020-7677 was published for org.webjars.npm:thenify (Maven) Jul 18, 2022
OS Command Injection in awesome spawn Critical
CVE-2014-0156 was published for awesome_spawn (RubyGems) Jul 1, 2022
BenK0lin
Command Injection in CasaOS Critical
CVE-2022-24193 was published for github.com/IceWhaleTech/CasaOS (Go) Mar 11, 2022
OS Command Injection in Plexus-utils Critical
CVE-2017-1000487 was published for org.codehaus.plexus:plexus-utils (Maven) May 13, 2022
OS Command Injection in git-pull-or-clone Critical
CVE-2022-24437 was published for git-pull-or-clone (npm) May 3, 2022
lirantal
Improper Neutralization of Special Elements used in an OS Command in Blamer Critical
CVE-2019-10807 was published for blamer (npm) May 24, 2022
OS Command Injection in file editor in Gogs Critical
CVE-2022-1986 was published for gogs.io/gogs (Go) Jun 8, 2022
1135
Command injection in git-it-electron Critical
CVE-2021-44685 was published for git-it-electron (npm) Dec 8, 2021
dwisiswant0
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath) Critical
CVE-2020-28447 was published for xopen (npm) Jul 26, 2022
ffmpeg-sdk vulnerable to OS Command Injection Critical
CVE-2020-28435 was published for ffmpeg-sdk (npm) Jul 26, 2022
OS Command Injection in gogs Critical
CVE-2021-32546 was published for gogs.io/gogs (Go) Jun 2, 2022
unicorn-security-team
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE Critical
CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021
thomas-chauchefoin-sonarsource
wifey vulnerable to Command Injection due to improper input sanitization Critical
CVE-2022-25890 was published for wifey (npm) Jan 9, 2023
Command Injection in pdfinfojs Critical
CVE-2018-3746 was published for pdfinfojs (npm) Jun 7, 2018
ProTip! Advisories are also available from the GraphQL API