GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+
1,071 advisories
Filter by severity
npos-tesseract Command Injection vulnerability
Critical
CVE-2020-28453
was published
for
npos-tesseract
(npm)
Aug 3, 2022
gitblame susceptible to command injection
Critical
CVE-2020-28434
was published
for
gitblame
(npm)
Aug 3, 2022
curljs Command Injection vulnerability
Critical
CVE-2020-28425
was published
for
curljs
(npm)
Aug 3, 2022
image-tiler susceptible to command injection
Critical
CVE-2020-28451
was published
for
image-tiler
(npm)
Aug 3, 2022
heroku-env susceptible to command injection
Critical
CVE-2020-28437
was published
for
heroku-env
(npm)
Aug 3, 2022
node-latex-pdf is susceptible to command injection
Critical
CVE-2020-28433
was published
for
node-latex-pdf
(npm)
Aug 3, 2022
get-npm-package-version Command Injection vulnerability
Critical
CVE-2020-7795
was published
for
get-npm-package-version
(npm)
Aug 3, 2022
monorepo-build Command Injection vulnerability
Critical
CVE-2020-28423
was published
for
monorepo-build
(npm)
Aug 3, 2022
Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF...
Critical
Unreviewed
CVE-2016-4991
was published
Jul 29, 2022
deferred-exec Command Injection vulnerability
Critical
CVE-2020-28438
was published
for
deferred-exec
(npm)
Jul 26, 2022
google-cloudstorage-commands Command Injection vulnerability
Critical
CVE-2020-28436
was published
for
google-cloudstorage-commands
(npm)
Jul 26, 2022
ffmpeg-sdk vulnerable to OS Command Injection
Critical
CVE-2020-28435
was published
for
ffmpeg-sdk
(npm)
Jul 26, 2022
ntesseract vulnerable to Command Injection
Critical
CVE-2020-28446
was published
for
ntesseract
(npm)
Jul 26, 2022
sonar-wrapper Command Injection vulnerability
Critical
CVE-2020-28443
was published
for
sonar-wrapper
(npm)
Jul 26, 2022
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath)
Critical
CVE-2020-28447
was published
for
xopen
(npm)
Jul 26, 2022
This affects all versions of package npm-help. The injection point is located in line 13 in index...
Critical
Unreviewed
CVE-2020-28445
was published
Jul 26, 2022
The affected product is vulnerable to two instances of command injection, which may allow an...
Critical
Unreviewed
CVE-2022-2143
was published
Jul 23, 2022
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 ...
Critical
Unreviewed
CVE-2022-34820
was published
Jul 13, 2022
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection...
Critical
Unreviewed
CVE-2022-34592
was published
Jul 8, 2022
TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via...
Critical
Unreviewed
CVE-2022-32449
was published
Jul 8, 2022
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the...
Critical
Unreviewed
CVE-2022-34597
was published
Jul 7, 2022
Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the...
Critical
Unreviewed
CVE-2022-34595
was published
Jul 7, 2022
Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the...
Critical
Unreviewed
CVE-2022-34596
was published
Jul 7, 2022
An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over...
Critical
Unreviewed
CVE-2022-32310
was published
Jul 6, 2022
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security...
Critical
Unreviewed
CVE-2022-28171
was published
Jun 28, 2022
ProTip!
Advisories are also available from the
GraphQL API