GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
158 advisories
Filter by severity
OS Command Injection in Snyk gradle plugin
High
CVE-2024-48964
was published
for
snyk-gradle-plugin
(npm)
Oct 23, 2024
OS Command Injection in Snyk php plugin
High
CVE-2024-48963
was published
for
snyk-php-plugin
(npm)
Oct 23, 2024
ggit is vulnerable to Command Injection via the fetchTags(branch) API
Moderate
CVE-2024-21532
was published
for
ggit
(npm)
Oct 8, 2024
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
High
GHSA-fm76-w8jw-xf8m
was published
for
@saltcorn/plugins-loader
(npm)
Oct 3, 2024
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
High
CVE-2024-39943
was published
for
hfs
(npm)
Jul 5, 2024
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases
Moderate
GHSA-rqgv-292v-5qgr
was published
for
renovate
(npm)
Apr 23, 2024
Pedroetb TTS-API OS Command Injection
Critical
CVE-2019-25158
was published
for
tts-api
(npm)
Dec 19, 2023
chromedriver Command Injection vulnerability
Moderate
CVE-2023-26156
was published
for
chromedriver
(npm)
Nov 9, 2023
Command Injection Vulnerability in find-exec
Critical
CVE-2023-40582
was published
for
find-exec
(npm)
Aug 30, 2023
git-commit-info vulnerable to Command Injection
High
CVE-2023-26134
was published
for
git-commit-info
(npm)
Jun 28, 2023
appium-desktop OS Command Injection vulnerability
Critical
CVE-2023-2479
was published
for
appium-desktop
(npm)
May 2, 2023
nemo-appium vulnerable to OS Command Injection
Critical
CVE-2022-21129
was published
for
nemo-appium
(npm)
Jan 31, 2023
wifey vulnerable to Command Injection due to improper input sanitization
Critical
CVE-2022-25890
was published
for
wifey
(npm)
Jan 9, 2023
abacus-ext-cmdline vulnerable to Command Injection
High
CVE-2022-24431
was published
for
abacus-ext-cmdline
(npm)
Dec 21, 2022
p4 vulnerable to Command Injection due to improper input sanitization
High
CVE-2022-25171
was published
for
p4
(npm)
Dec 20, 2022
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
High
CVE-2022-25912
was published
for
simple-git
(npm)
Dec 6, 2022
Nadesiko3 OS Command Injection vulnerability
Critical
CVE-2022-41642
was published
for
nadesiko3
(npm)
Dec 5, 2022
nadesiko3 vulnerable to OS Command Injection
Critical
CVE-2022-42496
was published
for
nadesiko3
(npm)
Dec 5, 2022
Snyk plugins vulnerable to Command Injection
Moderate
CVE-2022-22984
was published
for
@snyk/snyk-cocoapods-plugin
(npm)
Nov 30, 2022
Snyk CLI affected by Command Injection vulnerability
High
CVE-2022-40764
was published
for
snyk
(npm)
Oct 4, 2022
ffmpeg-sdk vulnerable to OS Command Injection
Critical
CVE-2020-28435
was published
for
ffmpeg-sdk
(npm)
Jul 26, 2022
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath)
Critical
CVE-2020-28447
was published
for
xopen
(npm)
Jul 26, 2022
thenify before 3.3.1 made use of unsafe calls to `eval`.
Critical
CVE-2020-7677
was published
for
org.webjars.npm:thenify
(Maven)
Jul 18, 2022
ProTip!
Advisories are also available from the
GraphQL API