Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,655
Maven
5,000+
npm
4,284
NuGet
760
pip
4,067
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

155 advisories

Loading
Bash command injection in Apache Zeppelin Critical
CVE-2019-10095 was published for org.apache.zeppelin:zeppelin (Maven) Sep 7, 2021
Command Injection in Simiki Critical
CVE-2020-19001 was published for simiki (pip) Sep 1, 2021
Command injection in gitlogplus Critical
CVE-2021-23412 was published for gitlogplus (npm) Jul 26, 2021
Command injection in LocalStack Critical
CVE-2021-32090 was published for localstack (pip) Jun 18, 2021
Command Injection in @ronomon/opened Critical
CVE-2021-29300 was published for @ronomon/opened (npm) Jun 8, 2021
Command Injection in geojson2kml Critical
CVE-2020-28429 was published for geojson2kml (npm) May 10, 2021
Command Injection in ps-visitor Critical
CVE-2021-23374 was published for ps-visitor (npm) May 7, 2021
Command Injection in onion-oled-js Critical
CVE-2021-23377 was published for onion-oled-js (npm) May 7, 2021
Command Injection in picotts Critical
CVE-2021-23378 was published for picotts (npm) May 7, 2021
Code injection in mock2easy Critical
CVE-2020-7697 was published for mock2easy (npm) May 6, 2021
Command Injection in ffmpegdotjs Critical
CVE-2021-23376 was published for ffmpegdotjs (npm) May 6, 2021
Command injection in launchpad Critical
CVE-2021-23330 was published for launchpad (npm) Apr 13, 2021
Command Injection in nuance-gulp-build-common Critical
CVE-2020-28430 was published for nuance-gulp-build-common (npm) Apr 13, 2021 withdrawn
Command injection in eslint-fixer Critical
CVE-2021-26275 was published for eslint-fixer (npm) Apr 13, 2021
Command injection in gitlog Critical
CVE-2021-26541 was published for gitlog (npm) Apr 13, 2021
Command injection in fs-path Critical
CVE-2020-8298 was published for fs-path (npm) Mar 25, 2021
Command Injection in ps-kill Critical
CVE-2021-23355 was published for ps-kill (npm) Mar 19, 2021
Code injection in kill-process-by-name Critical
CVE-2021-23356 was published for kill-process-by-name (npm) Mar 19, 2021
Command injection in wc-cmd Critical
CVE-2020-28431 was published for wc-cmd (npm) Mar 19, 2021 withdrawn
Command injection in samba-client Critical
CVE-2021-27185 was published for samba-client (npm) Feb 11, 2021
Command injection in ts-process-promises Critical
CVE-2020-7784 was published for ts-process-promises (npm) Jan 13, 2021
Command injection in buns Critical
CVE-2020-7794 was published for buns (npm) Jan 13, 2021
Command Injection in traceroute Critical
GHSA-rjvj-673q-4hfw was published for traceroute (npm) Sep 4, 2020
Command Injection in npm-git-publish Critical
GHSA-49mg-94fc-2fx6 was published for npm-git-publish (npm) Sep 4, 2020
Command Injection in meta-git Critical
GHSA-qcff-ffx3-m25c was published for meta-git (npm) Sep 4, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database