GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,277
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,329 advisories
Filter by severity
Remote Command Execution in reg-keygen-git-hash-plugin
High
CVE-2021-32673
was published
for
reg-keygen-git-hash-plugin
(npm)
Jun 8, 2021
OS Command Injection in baserCMS
High
CVE-2021-20682
was published
for
baserproject/basercms
(Composer)
Jun 8, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Critical
CVE-2021-32682
was published
for
studio-42/elfinder
(Composer)
Jun 16, 2021
Shell command injection in Apache Syncope
High
CVE-2020-11977
was published
for
org.apache.syncope:syncope
(Maven)
Jun 16, 2021
Command Injection in Centreon
High
CVE-2020-13252
was published
for
centreon/centreon
(Composer)
Jun 22, 2021
Hugo can execute a binary from the current directory on Windows
High
CVE-2020-26284
was published
for
github.com/gohugoio/hugo
(Go)
Jun 23, 2021
OS Command Injection in Locutus
Critical
CVE-2020-13619
was published
for
locutus
(npm)
Jul 26, 2021
OS Command Injection in OpenTSDB
Critical
CVE-2020-35476
was published
for
net.opentsdb:opentsdb
(Maven)
Aug 2, 2021
Arbitrary Command Injection due to Improper Command Sanitization
Moderate
GHSA-hxwm-x553-x359
was published
for
@npmcli/git
(npm)
Aug 5, 2021
OS command injection in ripgrep
Critical
CVE-2021-3013
was published
for
grep-cli
(Rust)
Aug 5, 2021
Remote code execution in better-macro
High
CVE-2021-38196
was published
for
better-macro
(Rust)
Aug 25, 2021
Command injection in mail agent settings
High
CVE-2021-37708
was published
for
shopware/core
(Composer)
Aug 30, 2021
remote code execution via git repo provider
Critical
CVE-2021-39159
was published
for
binderhub
(pip)
Aug 30, 2021
Command injection in @diez/generation
Low
CVE-2021-32830
was published
for
@diez/generation
(npm)
Sep 2, 2021
OS Command Injection in Centreon
High
CVE-2020-22345
was published
for
centreon/centreon
(Composer)
Sep 2, 2021
Bash command injection in Apache Zeppelin
Critical
CVE-2019-10095
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Sep 7, 2021
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ZMarkdown
Critical
GHSA-2c83-wfv3-q25f
was published
for
rebber
(npm)
Sep 7, 2021
Code Injection in SLO Generator
Moderate
CVE-2021-22557
was published
for
slo-generator
(pip)
Oct 5, 2021
OS Command Injection in node-opencv
Critical
CVE-2019-10061
was published
for
opencv
(npm)
Oct 12, 2021
ProTip!
Advisories are also available from the
GraphQL API