Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

433 advisories

Loading
Command injection in git-interface Critical
CVE-2022-1440 was published for git-interface (npm) Apr 23, 2022
lirantal
Credited to lirantal
Command Injection vulnerability in asciidoctor-include-ext Critical
CVE-2022-24803 was published for asciidoctor-include-ext (RubyGems) Mar 31, 2022
joernchen
Credited to joernchen
Code injection in npm git Moderate
CVE-2021-23632 was published for git (npm) Mar 18, 2022
Command Injection in CasaOS Critical
CVE-2022-24193 was published for github.com/IceWhaleTech/CasaOS (Go) Mar 11, 2022
Code injection in Stripe CLI on windows High
CVE-2022-24753 was published for github.com/stripe/stripe-cli (Go) Mar 10, 2022
OS Command Injection in GenieACS Critical
CVE-2021-46704 was published for genieacs (npm) Mar 7, 2022
OS Command injection in npm-lockfile Critical
CVE-2022-0841 was published for npm-lockfile (npm) Mar 4, 2022
ljharb
Credited to ljharb
Exposure of home directory through shescape on Unix with Bash Moderate
CVE-2022-24725 was published for shescape (npm) Mar 3, 2022
Remote shell execution vulnerability in image_processing Critical
CVE-2022-24720 was published for image_processing (RubyGems) Mar 1, 2022
Command injection in strapi Moderate
CVE-2022-0764 was published for strapi (npm) Feb 27, 2022
Command injection in github.com/google/fscrypt Moderate
CVE-2022-25328 was published for github.com/google/fscrypt (Go) Feb 26, 2022
OS Command injection in Apache Airflow High
CVE-2022-24288 was published for apache-airflow (pip) Feb 26, 2022
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin High
CVE-2022-25173 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
westonsteimel
Credited to westonsteimel
Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection High
CVE-2022-25175 was published for org.jenkins-ci.plugins.workflow:workflow-multibranch (Maven) Feb 16, 2022
daniel-beck
Credited to daniel-beck
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2022-25174 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
westonsteimel
Credited to westonsteimel
Kubernetes Arbitrary Command Injection Moderate
CVE-2018-1002101 was published for k8s.io/kubernetes (Go) Feb 15, 2022
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
Credited to matt-fevold and wass3r
OS Command Injection in Microweber High
CVE-2022-0557 was published for microweber/microweber (Composer) Feb 12, 2022
OS Command Injection in install-package Critical
CVE-2020-7629 was published for install-package (npm) Feb 10, 2022
OS Command Injection in git-add-remote Critical
CVE-2020-7630 was published for git-add-remote (npm) Feb 10, 2022
OS Command Injection in node-key-sender Critical
CVE-2020-7627 was published for node-key-sender (npm) Feb 10, 2022
Withdrawn Advisory: OS Command Injection in effect Critical
CVE-2020-7624 was published for effect (npm) Feb 10, 2022 withdrawn
Fidget-Grep
Credited to Fidget-Grep
Injection in op-browser Critical
CVE-2020-7625 was published for op-browser (npm) Feb 10, 2022
karma-mojo enables OS Command Injection Critical
CVE-2020-7626 was published for karma-mojo (npm) Feb 10, 2022
Code injection in @rkesters/gnuplot Critical
CVE-2021-29369 was published for @rkesters/gnuplot (npm) Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database