Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

433 advisories

Loading
OS Command Injection in jscover Critical
CVE-2020-7623 was published for jscover (npm) Feb 10, 2022
OS Command Injection in strong-nginx-controller Critical
CVE-2020-7621 was published for strong-nginx-controller (npm) Feb 10, 2022
OS Command Injection and Command Injection in kill-port-process High
CVE-2019-15609 was published for kill-port-process (npm) Feb 10, 2022
OS Command Injection in systeminformation High
CVE-2020-7778 was published for systeminformation (npm) Feb 9, 2022
push-dir Enables OS Command Injection Critical
CVE-2019-10803 was published for push-dir (npm) Feb 9, 2022
OS Command Injection in ansible High
CVE-2020-1734 was published for ansible (pip) Feb 9, 2022
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks Critical
CVE-2021-21386 was published for APKLeaks (pip) Jan 21, 2022
Ry0taK
Credited to Ry0taK
OS command execution vulnerability in Jenkins Docker Commons Plugin High
CVE-2022-20617 was published for org.jenkins-ci.plugins:docker-commons (Maven) Jan 13, 2022
westonsteimel
Credited to westonsteimel
OS Command Injection in diskusage-ng Critical
CVE-2020-7631 was published for diskusage-ng (npm) Jan 7, 2022
OS Command Injection in node-mpv Critical
CVE-2020-7632 was published for node-mpv (npm) Jan 7, 2022
An authenticated user can execute arbitrary command in Gerapy High
CVE-2021-32849 was published for gerapy (pip) Jan 6, 2022
OS Command Injection in Laravel Framework High
CVE-2020-19316 was published for laravel/framework (Composer) Jan 6, 2022
OS Command Injection in celery High
CVE-2021-23727 was published for celery (pip) Jan 6, 2022
Gerapy may cause remote code execution Critical
CVE-2021-43857 was published for gerapy (pip) Jan 6, 2022
Command injection in github-todos Critical
CVE-2021-44684 was published for github-todos (npm) Dec 10, 2021
dwisiswant0
Credited to dwisiswant0
OS Command Injection in pixl-class High
CVE-2020-7640 was published for pixl-class (npm) Dec 10, 2021
OS Command Injection in Strapi High
CVE-2019-19609 was published for strapi (npm) Dec 10, 2021
OS Command Injection in fsa Moderate
CVE-2020-7615 was published for fsa (npm) Dec 9, 2021
OS Command Injection in adb-driver Critical
CVE-2020-7636 was published for adb-driver (npm) Dec 9, 2021
OS Command Injection in heroku-addonpool Critical
CVE-2020-7634 was published for heroku-addonpool (npm) Dec 9, 2021
Command injection in git-it-electron Critical
CVE-2021-44685 was published for git-it-electron (npm) Dec 8, 2021
dwisiswant0
Credited to dwisiswant0
OS Command injection in docker-cli-js Moderate
CVE-2021-23732 was published for docker-cli-js (npm) Dec 2, 2021 withdrawn
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS Critical
CVE-2021-41243 was published for baserproject/basercms (Composer) Dec 1, 2021
Privilege escalation to cluster admin on multi-tenant environments High
CVE-2021-41254 was published for github.com/fluxcd/kustomize-controller (Go) Nov 15, 2021
AdamKorcz DavidKorczynski
Credited to AdamKorcz and DavidKorczynski
Code injection in `saved_model_cli` Moderate
CVE-2021-41228 was published for tensorflow (pip) Nov 10, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database