Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,100 advisories

Loading
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript... Critical Unreviewed
CVE-2021-3781 was published Feb 17, 2022
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin High
CVE-2022-25173 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
westonsteimel
Credited to westonsteimel
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2022-25174 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
westonsteimel
Credited to westonsteimel
Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection High
CVE-2022-25175 was published for org.jenkins-ci.plugins.workflow:workflow-multibranch (Maven) Feb 16, 2022
daniel-beck
Credited to daniel-beck
Kubernetes Arbitrary Command Injection Moderate
CVE-2018-1002101 was published for k8s.io/kubernetes (Go) Feb 15, 2022
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
Credited to matt-fevold and wass3r
OS Command Injection in Microweber High
CVE-2022-0557 was published for microweber/microweber (Composer) Feb 12, 2022
An OS command injection was found in SecuwaySSL, when special characters injection on execute... Critical Unreviewed
CVE-2021-26616 was published Feb 11, 2022
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers... Critical Unreviewed
CVE-2022-20708 was published Feb 11, 2022
OS Command Injection in install-package Critical
CVE-2020-7629 was published for install-package (npm) Feb 10, 2022
OS Command Injection in git-add-remote Critical
CVE-2020-7630 was published for git-add-remote (npm) Feb 10, 2022
OS Command Injection in node-key-sender Critical
CVE-2020-7627 was published for node-key-sender (npm) Feb 10, 2022
Withdrawn Advisory: OS Command Injection in effect Critical
CVE-2020-7624 was published for effect (npm) Feb 10, 2022 withdrawn
Fidget-Grep
Credited to Fidget-Grep
Injection in op-browser Critical
CVE-2020-7625 was published for op-browser (npm) Feb 10, 2022
karma-mojo enables OS Command Injection Critical
CVE-2020-7626 was published for karma-mojo (npm) Feb 10, 2022
Code injection in @rkesters/gnuplot Critical
CVE-2021-29369 was published for @rkesters/gnuplot (npm) Feb 10, 2022
OS Command Injection in jscover Critical
CVE-2020-7623 was published for jscover (npm) Feb 10, 2022
OS Command Injection in strong-nginx-controller Critical
CVE-2020-7621 was published for strong-nginx-controller (npm) Feb 10, 2022
OS Command Injection and Command Injection in kill-port-process High
CVE-2019-15609 was published for kill-port-process (npm) Feb 10, 2022
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar... Critical Unreviewed
CVE-2021-29393 was published Feb 10, 2022
The affected product is vulnerable to an authenticated OS command injection, which may allow an... Critical Unreviewed
CVE-2022-0365 was published Feb 10, 2022
OS Command Injection in systeminformation High
CVE-2020-7778 was published for systeminformation (npm) Feb 9, 2022
push-dir Enables OS Command Injection Critical
CVE-2019-10803 was published for push-dir (npm) Feb 9, 2022
OS Command Injection in ansible High
CVE-2020-1734 was published for ansible (pip) Feb 9, 2022
Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier,... High Unreviewed
CVE-2022-21173 was published Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database