Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,990 advisories

Loading
festivaltts4r allows arbitrary command execution Critical
CVE-2016-10194 was published for festivaltts4r (RubyGems) Oct 24, 2017
active-support impersonates 'activesupport' gem Critical
CVE-2018-3779 was published for active-support (RubyGems) Aug 13, 2018
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build Low
GHSA-jcgr-9698-82jx was published for @floffah/build (npm) May 28, 2021
Command Injection in bestzip Critical
GHSA-4qqc-mp5f-ccv4 was published for bestzip (npm) Sep 2, 2020
Command Injection in plotter Critical
GHSA-65xx-c85x-wg76 was published for plotter (npm) Sep 4, 2020
Command Injection in giting Critical
GHSA-7r9x-hr76-jr96 was published for giting (npm) Sep 4, 2020
Command Injection in entitlements High
GHSA-g8vp-6hv4-m67c was published for entitlements (npm) Sep 11, 2020
Command Injection in tomato High
GHSA-wqhw-frpx-5mmp was published for tomato (npm) Sep 2, 2020
Command Injection in priest-runner Critical
GHSA-9px9-f7jw-fwhj was published for priest-runner (npm) Sep 3, 2020
Command Injection in ascii-art Low
GHSA-9hqj-38j2-5jgm was published for ascii-art (npm) Sep 1, 2020
Command Injection in meta-git Critical
GHSA-qcff-ffx3-m25c was published for meta-git (npm) Sep 4, 2020
Command Injection in traceroute Critical
GHSA-rjvj-673q-4hfw was published for traceroute (npm) Sep 4, 2020
Command Injection in treekill High
GHSA-533p-g2hq-qr26 was published for treekill (npm) Sep 4, 2020
Command Injection in strapi High
GHSA-9p2w-rmx4-9mw7 was published for strapi (npm) Sep 4, 2020
Command Injection in pidusage Critical
CVE-2017-16034 was published for pidusage (npm) Sep 1, 2020
Command Injection in gm Critical
CVE-2015-7982 was published for gm (npm) Sep 1, 2020
Command Injection in addax High
GHSA-4q8f-5xxj-946r was published for addax (npm) Sep 3, 2020
Command Injection in node-wifi Critical
GHSA-4x6x-782q-jfc4 was published for node-wifi (npm) Sep 3, 2020
Command Injection in soletta-dev-app High
GHSA-8mgg-5x65-m4m4 was published for soletta-dev-app (npm) Sep 11, 2020
Command Injection in gnuplot Critical
GHSA-cfwc-xjfp-44jg was published for gnuplot (npm) Sep 4, 2020
Command Injection in npm-git-publish Critical
GHSA-49mg-94fc-2fx6 was published for npm-git-publish (npm) Sep 4, 2020
Command Injection in expressfs High
GHSA-mxmj-84q8-34r7 was published for expressfs (npm) Sep 3, 2020
Command Injection in marsdb Critical
GHSA-5mrr-rgp6-x4gr was published for marsdb (npm) Sep 3, 2020
Unauthenticated Remote Command Injection in ep_imageconvert High
CVE-2013-3364 was published for ep_imageconvert (npm) Aug 31, 2020
Command Injection in cocos-utils High
GHSA-rffp-mc78-wjf7 was published for cocos-utils (npm) Sep 2, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database