Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

45 advisories

Loading
git-commit-info vulnerable to Command Injection High
CVE-2023-26134 was published for git-commit-info (npm) Jun 28, 2023
DSimsek000
OS Command Injection in Snyk gradle plugin High
CVE-2024-48964 was published for snyk-gradle-plugin (npm) Oct 23, 2024
OS Command Injection in Snyk php plugin High
CVE-2024-48963 was published for snyk-php-plugin (npm) Oct 23, 2024
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source High
GHSA-fm76-w8jw-xf8m was published for @saltcorn/plugins-loader (npm) Oct 3, 2024
dellalibera
Command Injection Vulnerability High
CVE-2021-21315 was published for systeminformation (npm) Feb 16, 2021
OS Command Injection in ssh2 High
CVE-2020-26301 was published for ssh2 (npm) Sep 21, 2021
Electron vulnerable to remote command execution High
CVE-2017-12581 was published for electron (npm) May 17, 2022
Clamscan vulnerable to command injection High
CVE-2020-7613 was published for clamscan (npm) May 24, 2022
Command Injection in node-rules High
GHSA-8whr-v3gm-w8h9 was published for node-rules (npm) Sep 3, 2020
tdunlap607
trentm/json vulnerable to command injection High
CVE-2020-7712 was published for json (Maven) May 6, 2021
Yarn Improper link resolution before file access (Link Following) High
CVE-2019-10773 was published for yarn (npm) Feb 14, 2020
systeminformation command injection vulnerability High
CVE-2020-7752 was published for systeminformation (npm) Oct 27, 2020
Snyk CLI affected by Command Injection vulnerability High
CVE-2022-40764 was published for snyk (npm) Oct 4, 2022
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol High
CVE-2022-25912 was published for simple-git (npm) Dec 6, 2022
abacus-ext-cmdline vulnerable to Command Injection High
CVE-2022-24431 was published for abacus-ext-cmdline (npm) Dec 21, 2022
p4 vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25171 was published for p4 (npm) Dec 20, 2022
fs-git command injection vulnerability High
CVE-2017-1000451 was published for fs-git (npm) May 13, 2022
Remote Command Execution in reg-keygen-git-hash-plugin High
CVE-2021-32673 was published for reg-keygen-git-hash-plugin (npm) Jun 8, 2021
progfay
OS Command Injection in Strapi High
CVE-2019-19609 was published for strapi (npm) Dec 10, 2021
OS Command Injection in pixl-class High
CVE-2020-7640 was published for pixl-class (npm) Dec 10, 2021
Injection and Command Injection in devcert High
CVE-2020-8186 was published for devcert (npm) May 18, 2021
OS Command Injection and Command Injection in kill-port-process High
CVE-2019-15609 was published for kill-port-process (npm) Feb 10, 2022
OS Command Injection in enpeem High
CVE-2019-10801 was published for enpeem (npm) Apr 13, 2021
OS Command Injection in compile-sass High
CVE-2019-10799 was published for compile-sass (npm) Apr 13, 2021
OS Command Injection in serial-number High
CVE-2019-10804 was published for serial-number (npm) Apr 13, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database