Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

433 advisories

Loading
Apache Hadoop argument injection vulnerability Critical
CVE-2022-25168 was published for org.apache.hadoop:hadoop-common (Maven) Aug 5, 2022
ffmpeg-sdk vulnerable to OS Command Injection Critical
CVE-2020-28435 was published for ffmpeg-sdk (npm) Jul 26, 2022
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath) Critical
CVE-2020-28447 was published for xopen (npm) Jul 26, 2022
Apache Spark UI can allow impersonation if ACLs enabled High
CVE-2022-33891 was published for org.apache.spark:spark-parent_2.12 (Maven) Jul 19, 2022
alowayed
Credited to alowayed
thenify before 3.3.1 made use of unsafe calls to `eval`. Critical
CVE-2020-7677 was published for org.webjars.npm:thenify (Maven) Jul 18, 2022
OS Command Injection in awesome spawn Critical
CVE-2014-0156 was published for awesome_spawn (RubyGems) Jul 1, 2022
BenK0lin
Credited to BenK0lin
Code injection in Apache NiFi and NiFi Registry High
CVE-2022-33140 was published for org.apache.nifi.registry:nifi-registry-core (Maven) Jun 16, 2022
kurt-r2c
Credited to kurt-r2c
OS Command Injection in cookiecutter Critical
CVE-2022-24065 was published for cookiecutter (pip) Jun 9, 2022
OS Command Injection in file editor in Gogs Critical
CVE-2022-1986 was published for gogs.io/gogs (Go) Jun 8, 2022
1135
Credited to 1135
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
OS Command Injection in s3-uploader High
CVE-2021-34084 was published for s3-uploader (npm) Jun 3, 2022
OS Command Injection in proctree High
CVE-2021-34082 was published for proctree (npm) Jun 3, 2022
OS Command Injection in lifion-verify-deps High
CVE-2021-34078 was published for lifion-verify-deps (npm) Jun 3, 2022
OS Command injection in ssl-utils High
CVE-2021-34080 was published for ssl-utils (npm) Jun 3, 2022
OS Command Injection in gitsome High
CVE-2021-34081 was published for gitsome (npm) Jun 3, 2022
OS Command Injection in gogs Critical
CVE-2021-32546 was published for gogs.io/gogs (Go) Jun 2, 2022
unicorn-security-team
Credited to unicorn-security-team
OS Command Injection in gogs Critical
CVE-2022-1884 was published for gogs.io/gogs (Go) Jun 2, 2022
1135
Credited to 1135
sharp vulnerable to Command Injection in post-installation over build environment Moderate
CVE-2022-29256 was published for sharp (npm) Jun 1, 2022
dwisiswant0
Credited to dwisiswant0
Apache Superset OS Command Injection High
CVE-2020-13948 was published for apache-superset (pip) May 24, 2022
Magento XML Injection vulnerability in the Widgets Update Layout High
CVE-2021-36022 was published for magento/community-edition (Composer) May 24, 2022
Magento is affected by an os command injection via the Data collection endpoint High
CVE-2021-36024 was published for magento/community-edition (Composer) May 24, 2022
Command Injection in SaltStack Salt High
CVE-2021-31607 was published for salt (pip) May 24, 2022
SaltStack Salt command injection via a crafted process name High
CVE-2020-28243 was published for salt (pip) May 24, 2022
Magento OS Command Injection Critical
CVE-2021-21018 was published for magento/community-edition (Composer) May 24, 2022
Magento OS command injection via the customer attribute save controller High
CVE-2021-21015 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database