GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
39 advisories
Filter by severity
OS Command Injection in craftercms:crafter-studio
High
CVE-2018-19907
was published
for
org.craftercms:crafter-studio
(Maven)
Dec 19, 2018
Command Injection in Kylin
Critical
CVE-2020-13925
was published
for
org.apache.kylin:kylin-server-base
(Maven)
Jul 27, 2020
thenify before 3.3.1 made use of unsafe calls to `eval`.
Critical
CVE-2020-7677
was published
for
org.webjars.npm:thenify
(Maven)
Jul 18, 2022
OS Command Injection in Jenkins
High
CVE-2017-1000393
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
OS command execution vulnerability in Perfecto Plugin
High
CVE-2020-2261
was published
for
io.jenkins.plugins:perfecto
(Maven)
May 24, 2022
System command execution vulnerability in Selection tasks Jenkins Plugin
High
CVE-2020-2276
was published
for
org.jvnet.hudson.plugins:selection-tasks-plugin
(Maven)
May 24, 2022
OS command injection in CryptoMove Plugin
High
CVE-2020-2159
was published
for
io.jenkins.plugins:cryptomove
(Maven)
May 24, 2022
CrafterCMS OS Command Injection vulnerability
High
CVE-2022-40635
was published
for
org.craftercms:craftercms
(Maven)
Sep 14, 2022
OS command injection vulnerability in Jenkins Play Framework Plugin
High
CVE-2020-2200
was published
for
org.jenkins-ci.plugins:play-autotest-plugin
(Maven)
May 24, 2022
XStream is vulnerable to a Remote Command Execution attack
Moderate
CVE-2021-21345
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
ballcat-codegen template engine remote code execution injection
High
CVE-2022-24881
was published
for
com.hccake:ballcat-codegen
(Maven)
Apr 27, 2022
Command injection leading to Remote Code Execution in Apache Storm
Critical
CVE-2021-38294
was published
for
org.apache.storm:storm
(Maven)
Oct 27, 2021
OS Command Injection in OpenTSDB
Critical
CVE-2020-35476
was published
for
net.opentsdb:opentsdb
(Maven)
Aug 2, 2021
OS Command Injection in Nexus Yum Repository Plugin
High
CVE-2019-5475
was published
for
org.sonatype.nexus.plugins:nexus-yum-repository-plugin
(Maven)
Sep 11, 2019
Code injection in Apache NiFi and NiFi Registry
High
CVE-2022-33140
was published
for
org.apache.nifi.registry:nifi-registry-core
(Maven)
Jun 16, 2022
XStream can be used for Remote Code Execution
High
CVE-2020-26217
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Nov 16, 2020
XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling
Moderate
CVE-2020-26259
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 21, 2020
Shell command injection in Apache Syncope
High
CVE-2020-11977
was published
for
org.apache.syncope:syncope
(Maven)
Jun 16, 2021
OpenTSDB vulnerable to OS Command Injection
Critical
CVE-2018-12972
was published
for
net.opentsdb:opentsdb
(Maven)
May 13, 2022
Apache Hadoop argument injection vulnerability
Critical
CVE-2022-25168
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Aug 5, 2022
Apache James Server OS Command Injection
High
CVE-2015-7611
was published
for
org.apache.james:james-server
(Maven)
May 14, 2022
trentm/json vulnerable to command injection
High
CVE-2020-7712
was published
for
json
(Maven)
May 6, 2021
CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources
High
CVE-2022-40634
was published
for
org.craftercms:crafter-studio
(Maven)
Sep 14, 2022
Command injection in OpenTSDB
Critical
CVE-2023-25826
was published
for
net.opentsdb:opentsdb
(Maven)
May 3, 2023
Bash command injection in Apache Zeppelin
Critical
CVE-2019-10095
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Sep 7, 2021
ProTip!
Advisories are also available from the
GraphQL API