Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,277
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,329 advisories

Loading
Command injection in corenlp-js-prefab Critical
CVE-2020-28439 was published for corenlp-js-prefab (npm) Apr 13, 2021
OS Command Injection in enpeem High
CVE-2019-10801 was published for enpeem (npm) Apr 13, 2021
OS Command Injection in serial-number High
CVE-2019-10804 was published for serial-number (npm) Apr 13, 2021
OS Command Injection in giting Critical
CVE-2019-10802 was published for giting (npm) Apr 13, 2021
KateCatlin
Command Injection in nuance-gulp-build-common Critical
CVE-2020-28430 was published for nuance-gulp-build-common (npm) Apr 13, 2021 withdrawn
OS Command Injection in lsof High
CVE-2019-10783 was published for lsof (npm) Apr 13, 2021
Improper Input Validation in network-manager Critical
CVE-2019-10786 was published for network-manager (npm) Apr 13, 2021
OS Command Injection in im-metadata High
CVE-2019-10788 was published for im-metadata (npm) Apr 13, 2021
OS Command Injection in im-resize High
CVE-2019-10787 was published for im-resize (npm) Apr 13, 2021
Improper neutralization of arguments in freediskspace Critical
CVE-2020-7775 was published for freediskspace (npm) Apr 13, 2021
Command Injection in async-git Critical
CVE-2020-28490 was published for async-git (npm) Apr 12, 2021
Command Injection Vulnerability in systeminformation High
CVE-2021-21388 was published for systeminformation (npm) Apr 6, 2021
Command injection vulnerability in @prisma/sdk in getPackedPackage function High
CVE-2021-21414 was published for @prisma/sdk (npm) Apr 6, 2021
erik-krogh
Arbitrary Command Injection in portprocesses Moderate
CVE-2021-23348 was published for portprocesses (npm) Apr 6, 2021
omnitaint
[thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values Moderate
CVE-2021-21412 was published for @thi.ng/egf (npm) Apr 6, 2021
erik-krogh
XStream is vulnerable to a Remote Command Execution attack Moderate
CVE-2021-21345 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Command injection in node-ps Critical
CVE-2020-7785 was published for node-ps (npm) Mar 19, 2021
react-dev-utils OS Command Injection in function `getProcessForPort` Moderate
CVE-2021-24033 was published for react-dev-utils (npm) Mar 11, 2021
Command Injection Vulnerability High
CVE-2021-21315 was published for systeminformation (npm) Feb 16, 2021
Command injection in samba-client Critical
CVE-2021-27185 was published for samba-client (npm) Feb 11, 2021
Command injection in total.js High
CVE-2020-28494 was published for total.js (npm) Feb 5, 2021
Command Injection Vulnerability in Mechanize High
CVE-2021-21289 was published for mechanize (RubyGems) Feb 2, 2021
kyoshidajp
OS Command Injection in async-git Critical
CVE-2021-3190 was published for async-git (npm) Jan 29, 2021
Command injection in buns Critical
CVE-2020-7794 was published for buns (npm) Jan 13, 2021
XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling Moderate
CVE-2020-26259 was published for com.thoughtworks.xstream:xstream (Maven) Dec 21, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database