Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,102 advisories

Loading
thenify before 3.3.1 made use of unsafe calls to `eval`. Critical
CVE-2020-7677 was published for org.webjars.npm:thenify (Maven) Jul 18, 2022
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to... High Unreviewed
CVE-2020-15920 was published May 24, 2022
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject... High Unreviewed
CVE-2022-42279 was published Jan 13, 2023
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject... High Unreviewed
CVE-2022-42290 was published Jan 13, 2023
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0... High Unreviewed
CVE-2020-12109 was published May 24, 2022
Arbitrary Code Execution in require-node Critical
GHSA-8j6j-4h2c-c65p was published for require-node (npm) Sep 3, 2020
Growl before 1.10.0 vulnerable to Command Injection Critical
CVE-2017-16042 was published for growl (npm) Jun 8, 2018
OS Command Injection in node-opencv Critical
CVE-2019-10061 was published for opencv (npm) Oct 12, 2021
Arbitrary Command Injection due to Improper Command Sanitization Moderate
GHSA-hxwm-x553-x359 was published for @npmcli/git (npm) Aug 5, 2021
tyage
Credited to tyage
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
Credited to matt-fevold and wass3r
OS Command Injection in node-notifier Moderate
CVE-2020-7789 was published for node-notifier (npm) Dec 21, 2020
Command Injection in jison High
CVE-2020-8178 was published for jison (npm) Oct 8, 2020 withdrawn
Prototype Pollution in systeminformation Moderate
CVE-2020-26245 was published for systeminformation (npm) Nov 27, 2020
Command Injection in pdf-image Critical
CVE-2018-3757 was published for pdf-image (npm) Sep 1, 2020
Command injection in codecov (npm package) Moderate
CVE-2020-15123 was published for codecov (npm) Jul 20, 2020
Command Injection Vulnerability in systeminformation Moderate
CVE-2020-26274 was published for systeminformation (npm) Dec 16, 2020
Command Injection in git-tags-remote High
GHSA-gm9x-q798-hmr4 was published for git-tags-remote (npm) Jul 29, 2020
Command Injection in Kylin Critical
CVE-2020-13925 was published for org.apache.kylin:kylin-server-base (Maven) Jul 27, 2020
Remote Code Execution in electron High
CVE-2018-1000006 was published for electron (npm) Jan 23, 2018
OS Command Injection in craftercms:crafter-studio High
CVE-2018-19907 was published for org.craftercms:crafter-studio (Maven) Dec 19, 2018
Command Injection in macaddress Critical
CVE-2018-13797 was published for macaddress (npm) Sep 6, 2018
Electron protocol handler browser vulnerable to Command Injection High
CVE-2018-1000118 was published for electron (npm) Mar 26, 2018
codecov NPM module allows remote attackers to execute arbitrary commands High
CVE-2020-7597 was published for codecov (npm) Feb 19, 2020
OS command injection in git-diff-apply Critical
CVE-2019-10776 was published for git-diff-apply (npm) Feb 14, 2020
OS command injection in aws-lambda Critical
CVE-2019-10777 was published for aws-lambda (npm) Feb 14, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database