GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
88 advisories
Filter by severity
PIDUsage Enables OS Command Injection
Critical
CVE-2017-1000220
was published
for
pidusage
(npm)
May 13, 2022
Withdrawn Advisory: OS Command Injection in effect
Critical
CVE-2020-7624
was published
for
effect
(npm)
Feb 10, 2022
•
withdrawn
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ZMarkdown
Critical
GHSA-2c83-wfv3-q25f
was published
for
rebber
(npm)
Sep 7, 2021
Treekill Enables OS Command Injection
Critical
CVE-2019-15598
was published
for
tree-kill
(npm)
May 24, 2022
promise-probe OS command injection vulnerability
Critical
CVE-2019-10791
was published
for
promise-probe
(npm)
May 24, 2022
Pedroetb TTS-API OS Command Injection
Critical
CVE-2019-25158
was published
for
tts-api
(npm)
Dec 19, 2023
appium-desktop OS Command Injection vulnerability
Critical
CVE-2023-2479
was published
for
appium-desktop
(npm)
May 2, 2023
Command Injection Vulnerability in find-exec
Critical
CVE-2023-40582
was published
for
find-exec
(npm)
Aug 30, 2023
apiconnect-cli-plugins vulnerable to OS Command Injection
Critical
CVE-2020-7633
was published
for
apiconnect-cli-plugins
(npm)
May 24, 2021
Command Injection in egg-scripts
Critical
CVE-2018-3786
was published
for
egg-scripts
(npm)
Sep 17, 2018
OS Command Injection in heroku-addonpool
Critical
CVE-2020-7634
was published
for
heroku-addonpool
(npm)
Dec 9, 2021
OS Command Injection in node-prompt-here
Critical
CVE-2020-7602
was published
for
node-prompt-here
(npm)
May 7, 2021
Remote Code Execution Vulnerability in NPM mongo-express
Critical
CVE-2019-10758
was published
for
mongo-express
(npm)
Dec 30, 2019
OS Command Injection in docker-compose-remote-api
Critical
CVE-2020-7606
was published
for
docker-compose-remote-api
(npm)
May 7, 2021
push-dir Enables OS Command Injection
Critical
CVE-2019-10803
was published
for
push-dir
(npm)
Feb 9, 2022
Command Injection in nuance-gulp-build-common
Critical
CVE-2020-28430
was published
for
nuance-gulp-build-common
(npm)
Apr 13, 2021
•
withdrawn
karma-mojo enables OS Command Injection
Critical
CVE-2020-7626
was published
for
karma-mojo
(npm)
Feb 10, 2022
Command Execution in windows-cpu
Critical
CVE-2017-1000219
was published
for
windows-cpu
(npm)
Sep 1, 2020
OS Command Injection in Locutus
Critical
CVE-2020-13619
was published
for
locutus
(npm)
Jul 26, 2021
OS Command Injection in gulp-tape
Critical
CVE-2020-7605
was published
for
gulp-tape
(npm)
May 7, 2021
OS Command Injection in gulkp-styledocco
Critical
CVE-2020-7607
was published
for
gulp-styledocco
(npm)
May 7, 2021
ProTip!
Advisories are also available from the
GraphQL API